Security News > 2017 > December > Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser
2017-12-29 12:33

A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/-xn0LdUw5Sc/same-origin-policy-bypass.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-12-21 CVE-2017-17692 Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
network
low complexity
samsung CWE-200
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Samsung 1618 128 354 396 74 952