Insecure Caller Check in Samsung Internet Affects Mobile Browsing Security
CVE-2021-25521
4 MEDIUM
Summary
A vulnerability has been identified in the Samsung Internet browser prior to version 16.0.2 that allows untrusted applications to access the current tab's URL. The issue stems from an insecure caller check in the sharevia deeplink logic and results in unintended information disclosure. Users of affected versions should update to version 16.0.2 or later.
Affected Version(s)
Samsung Internet - < 16.0.2
CVSS V3.1
Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved