Depending on the hash, an attacker would look for collisions to get something running that could then change settings or launch other things. Failing that, you would look for flaws in the system or vulnerabilities in the OS in order to bypass it. Going deeper you run into trusted computing issues, of how do you know the verification firmware hasn't been tampered with?
The simplest approach though is if you're running Chrome, and I exploit Chrome, I'm now running as Chrome and could persist in memory at least until you shut down.
The simplest approach though is if you're running Chrome, and I exploit Chrome, I'm now running as Chrome and could persist in memory at least until you shut down.