Improper Access Control in Samsung Internet Browser
CVE-2021-25366

3.2LOW

Key Information:

Vendor: Samsung
Status: Samsung Internet
Vendor: CVE Published:; 25 March 2021

What is CVE-2021-25366?

An improper access control vulnerability in Samsung Internet Browser allows physically proximate attackers to bypass authentication for the secret mode. This flaw poses a risk of unauthorized access to sensitive information stored in the secret mode, leading to potential privacy breaches. Users should ensure their browsers are updated to the latest version to mitigate this vulnerability.

Affected Version(s)

Samsung Internet < 13.2.1.70

References

https://security.samsungmobile.com/

x_refsource_MISC

https://security.samsungmobile.com/serviceWeb.smsb

x_refsource_CONFIRM

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2021
Vulnerability Reserved
Jan 19, 2021