Security News > 2017 > December > Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

2017-12-29 12:33
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/-xn0LdUw5Sc/same-origin-policy-bypass.html
Related news
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- ASUS warns of critical auth bypass flaw in routers using AiCloud (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- Ivanti warns of critical Neurons for ITSM auth bypass flaw (source)
- Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-21 | CVE-2017-17692 | Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | 7.5 |