SOP Bypass and Address Bar Spoofing in Yandex Browser for Android
CVE-2020-27969

7.3 HIGH

Key Information:

Vendor: Yandex
CVE Published: 13 September 2021

What is CVE-2020-27969?

Yandex Browser for Android version 20.8.4 has a vulnerability that allows remote attackers to bypass the Same-Origin Policy (SOP), potentially leading to address bar spoofing. This security flaw could enable malicious actors to manipulate the browser's address bar, misleading users and compromising their security. It is essential for users of Yandex Browser to stay updated and apply necessary patches.

Affected Version(s)

Yandex Browser for Android: all versions prior to version 20.8.4.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
