Improper Configuration in Samsung Internet Browser
CVE-2023-30674

6.5MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Internet
Vendor: CVE Published:; 6 July 2023

Summary

A configuration flaw in Samsung Internet versions prior to 21.0.0.41 can enable attackers to circumvent SameSite cookie attributes. This vulnerability could potentially allow the extraction of sensitive user data through manipulated cookie handling, thus posing a significant risk to user privacy and security online. Users are advised to update their browsers to mitigate this risk.

Affected Version(s)

Samsung Internet 21.0.0.41

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Apr 14, 2023