Critical Vulnerability Information Vulnerability Description Issue: In miniOS, code execution can still be performed on registered devices even when developer mode is blocked. Location: ChromeOS VRP - Security issue report affecting the ChromeOS ecosystem. Technical Details URL: https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/minios/ramfs/etc/init/debug-tty.conf Issue: Full root-level code execution is possible via the VT3 console in developer mode, even if developer mode is blocked by device policy or FWMP. This occurs because the flag is set to 1, enabling a shell. Reproduction Steps 1. Enter developer mode (using Esc+Refresh+Power and then CTRL+D, even if developer mode is blocked). 2. While the blocking screen is displayed, press Esc+Refresh+Power again. 3. Select "Recovery with Internet Connection" to enter miniOS. 4. After the frecon screen loads, press CTRL+ALT+F3 (not CTRL+ALT+F2) to obtain a shell where code can be executed. Issue Description Detailed Description: This functionality works even on registered devices, leading to unauthorized code execution on such devices. Related Issue: https://issues.chromium.org/issues/40061944 Mitigation Measures Add a check in the debug-tty.conf file to determine whether developer mode is blocked. If blocked, do not start the debug tty. The command is not functional in this shell, so must be made accessible to check FWMP status.