F-Secure SAFE Browser is vulnerable to address bar spoofing.
RISK LEVEL: Medium
FIX: Upgrade to version 18.4.x or newer from Google Play
An address bar spoofing vulnerability was discovered in SAFE Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Exploiting the vulnerability requires the user to click on a specially crafted malicious URL.
F-Secure Corporation would like to thank Narendra Bhati (@imnarendrabhati) for bringing this issue to our attention.
|2021-08-11||First advisory published.|
|2021-08-12||Risk level changed from 'Low' to 'Medium'.|
Date Issued: 2021-08-11
Date Updated: 2021-08-12