Security News > 2017 > December > Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser
2017-12-29 12:33
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/-xn0LdUw5Sc/same-origin-policy-bypass.html
Related news
- Juniper patches critical auth bypass in Session Smart routers (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-21 | CVE-2017-17692 | Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | 7.5 |