Domain Spoofing in Samsung Internet Browser
CVE-2022-22290
6.5 MEDIUM
Summary
The Samsung Internet browser shows an incorrect download source in its UI. An attacker can exploit this flaw to spoof a domain via a specially crafted HTML page, misleading users into believing they are interacting with legitimate content. As a result, attackers can potentially harvest sensitive information or carry out malicious actions without the user's knowledge. Users are advised to update to version 16.0.6.23 or later to mitigate this security risk.
Affected Version(s)
Samsung Internet - < 16.0.6.23
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved