CVE-2022-28870: Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

Showing old URL in case navigation to new URL fails could lead to address bar spoofing.

STATUS: Fixed

RISK LEVEL: Medium

FIX: A fix has been released in the automatic update channel since 13th, April, 2022. No user action is required.

• F-Secure SAFE Browser for Android Version 18.6 and below.

• All supported platforms of the affected products

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.  

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.

Date Issued: 2022-04-14