Vulnerabilities in the browser protection of F-Secure SAFE for Android could allow remote attacker to steal user's sessions cookie.
RISK LEVEL: Medium
FIX: A fix has been released in the automatic update channel since 18 February 2022. No user action is required if automatic update is enabled.
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
User interaction is required prior to exploitation.
F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.
Date Issued: 03-Mar-2022