Impact
Insufficient policy enforcement in DevTools allows a local attacker who can place a malicious file on the device to gain higher privileges than their account normally permits. The flaw lets the attacker bypass normal security boundaries through the debugging interface and elevate privileges within the Chrome process. The vulnerability is classified as a high-severity privilege escalation: it can grant full control over Chrome and may allow the attacker to impact other applications that rely on elevated privileges, though that wider impact is inferred from the effect on Chrome itself.
Affected Systems
Google Chrome for Android is affected in all releases prior to version 148.0.7778.96. Users running older Android Chrome versions that have not applied the latest patch are vulnerable. The fault is confined to the DevTools component of the browser and does not affect the core rendering engine directly.
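One way to check a device against the fixed version above, as an added example (not code from the advisory or from Chrome). It assumes the text comes from `adb shell dumpsys package com.android.chrome` and that the first `versionName=` line is the installed build; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Chrome for Android builds older than the fixed release.
FIXED_VERSION="148.0.7778.96"   # first patched version, taken from the advisory

# version_lt A B: succeed when four-part version A is strictly lower than B.
# Components are compared as numbers, so 99.x sorts below 148.x.
version_lt() {
    vl_a=$1; vl_b=$2
    for vl_i in 1 2 3 4; do
        vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
        [ "$vl_x" -lt "$vl_y" ] && return 0
        [ "$vl_x" -gt "$vl_y" ] && return 1
        # drop the component just compared
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a=0 ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b=0 ;; esac
    done
    return 1   # equal versions are not "lower"
}

# extract_version: read dumpsys text on stdin, print the first versionName.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9.]*\).*/\1/p' | head -n 1
}

# chrome_status: print VULNERABLE, PATCHED or UNKNOWN for dumpsys text on stdin.
chrome_status() {
    cs_v=$(extract_version)
    # refuse anything that is not a four-part numeric version
    if ! printf '%s\n' "$cs_v" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo "UNKNOWN"; return 0
    fi
    if version_lt "$cs_v" "$FIXED_VERSION"; then
        echo "VULNERABLE $cs_v"
    else
        echo "PATCHED $cs_v"
    fi
}

# Constructed sample of dumpsys output (not captured from a real device).
SAMPLE_DUMPSYS='Packages:
  Package [com.android.chrome] (constructed):
    versionCode=0 minSdk=0 targetSdk=0
    versionName=148.0.7778.95'

# On a workstation with a device attached:
#   adb shell dumpsys package com.android.chrome | chrome_status
printf '%s\n' "$SAMPLE_DUMPSYS" | chrome_status
```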
Risk and Exploitability
Because the attack requires local access to the device and the ability to place a file, it is a local privilege escalation rather than a remote one. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, suggesting that it does not appear in known exploitation campaigns. The CVSS score of 7.8 denotes high severity; an attacker with local device access can exploit this flaw to gain higher privileges within Chrome.