Security Advisories

CVE-2022-38163: F‑Secure SAFE browser vulnerable to spoofing done by drag and drop

Description

STATUS: Fixed

RISK LEVEL: Medium  

FIX: Newer version 19.2 has been released in the automatic update channel since 25th Oct 2022. No user action is required.

Affected Products

Consumer Products:

  • F-Secure SAFE Browser for Android and iOS version 19.0 and below.

Platforms

  • All supported platforms for the affected products

More Information

A drag and drop spoof vulnerability was discovered in F‑Secure Safe Browser for Android and iOS. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.

Date Issued: 2022-10-28