Voorivex researchers have demonstrated how an intent validation flaw in exported activities leads to Universal Cross-Site Scripting (UXSS). In this attack, an adversary gains access not only to the active session on a vulnerable page but to all open or cached sessions within the browser at the time of exploitation.

The vulnerability required no elevated privileges and was executed entirely within the browser's context. Once successfully exploited, the flaw granted full access to session data.

🔗 Article: https://blog.voorivex.team/uxss-on-samsung-browser-cve-2025-58485-sve-2025-1879

💬 Discuss

UXSS in Samsung Internet Browser (CVE-2025-58485 / SVE-2025-1879)