Comment by dist-epoch

21 hours ago

If native code is running on your Windows (as opposed to JavaScript in the browser sandbox), you've already lost.

It can steal your cookies and browser-saved passwords; it can upload your photos or delete them.

Privilege escalation to SYSTEM is the least of your worries.

More or less, no desktop OS other than Qubes and macOS (to a very limited extent) can handle the user being even vaguely compromised, much less a user with privilege. Keys to the kingdom are already in the user domain: SSH keys, all your emails and photos, contacts, access to other devices in your network. The user can backdoor themselves to get passwords by modifying their own environment, and can escalate by modifying the DNS settings of the user's browser to gain more access. Root access by and large is completely irrelevant.