Impact
Insufficient policy enforcement in DevTools allows a local attacker who can place a malicious file on the device to gain higher privileges than their account normally permits. Through the debugging interface, the attacker can bypass normal security boundaries and elevate privileges within the Chrome process. The vulnerability is classified as a high-severity privilege escalation: it can grant full control over Chrome and may allow the attacker to affect other applications that rely on elevated privileges, although that wider impact is inferred from the effect on Chrome itself.
Affected Systems
Google Chrome for Android is affected in all releases prior to version 148.0.7778.96. Users running older Android Chrome versions that have not applied the latest patch are vulnerable. The fault is confined to the DevTools component of the browser and does not affect the core rendering engine directly.
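A check for the version boundary above, as an added example that is not part of the original advisory: it reads `dumpsys package` output and flags Chrome builds older than 148.0.7778.96. The package name `com.android.chrome`, the device ids and the sample dumpsys text are assumptions constructed for illustration.

```shell
#!/bin/sh
FIXED="148.0.7778.96"   # first fixed release, from the advisory text above

# Succeed when dotted version $1 is strictly lower than $2 (numeric per field,
# so .100 sorts after .96; a plain string comparison would get that wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print the active versionName from `dumpsys package` text on stdin. Entries
# under "Hidden system packages:" describe the factory copy that an update
# replaced, so parsing stops there. Carriage returns from adb are stripped.
active_version() {
    awk '{ gsub(/\r/, "") }
         /Hidden system packages:/ { exit }
         /versionName=/ { sub(/.*versionName=/, ""); print $1; exit }'
}

# Classify one device: "<id> <version> VULNERABLE|patched" or "<id> - unknown".
assess() {
    id=$1
    v=$(active_version)
    case "$v" in ''|*[!0-9.]*) echo "$id - unknown"; return 0 ;; esac
    if version_lt "$v" "$FIXED"; then echo "$id $v VULNERABLE"
    else echo "$id $v patched"; fi
}

# Constructed samples (not captured from real devices).
SAMPLE_OLD='Packages:
  Package [com.android.chrome] (aaaa111):
    versionName=148.0.7778.60'
SAMPLE_NEW='Packages:
  Package [com.android.chrome] (bbbb222):
    versionName=148.0.7778.100
Hidden system packages:
  Package [com.android.chrome] (cccc333):
    versionName=140.0.0.1'

printf '%s\n' "$SAMPLE_OLD" | assess device-a
printf '%s\n' "$SAMPLE_NEW" | assess device-b
# Live use, assuming adb is set up:
#   adb -s "$serial" shell dumpsys package com.android.chrome | assess "$serial"
```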
Risk and Exploitability
Because the attack requires local access to the device and the ability to place a file, it is a local privilege escalation rather than a remote one. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating a lower likelihood of widespread exploitation. The CVSS score of 7.8 denotes high severity, so an attacker with local device access can take full advantage of the issue if it is not patched.