Security Advisories

CVE-2022-28873: Multiple Address Bar Spoofing Vulnerabilities in F-Secure SAFE Browser for Android

Description

STATUS: Fixed

RISK LEVEL: Medium

FIX: A fix has been released in the automatic update channel since 3rd May 2022. No user action is required.

Affected Products

  • F-Secure SAFE Browser for Android Version 19.0 and below

Platforms

  • All supported platforms for the affected products

More Information

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.

Date Issued: 2022-05-12