Full Screen Overlay User Interface Spoofing attack.
RISK LEVEL: Medium
FIX: Upgrade to version 18.5.x, which is available on Google Play.
F-Secure SAFE Browser Version 17.9 and below
A user interface overlay vulnerability was discovered in Safe Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, Safe Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Exploiting the vulnerability requires the user to click on a specially crafted malicious URL.
F-Secure Corporation would like to thank Narendra Bhati (@imnarendrabhati) for bringing this issue to our attention.
Date Issued: 2021-12-10