Attackers could use the NVIDIA Web Helper Service as a vector to directly interact with Windows APIs or to load executable code into the node.js process to run malicious code:
From attacker perspective, this opens two possibilities. Either use node.js to directly interact with the Windows API (e.g. to disable application whitelisting or reflectively load an executable into the node.js process to run the malicious binary on behalf of the signed process) or to write the complete malware with node.js. Both options have the advantage, that the running process is signed and therefore bypasses anti-virus systems (reputation-based algorithms) per default.A bit more information about how this works can be read at GHack, they also explain how you can resolve the issue. Since the Web Helper Service is a non-essential part of the GeForce software, you can safely disable it until a more permanent fix arrives.
In a statement on its website, NVIDIA says it's investigating its software to determine the extent of the vulnerability.