PT-2016-3422 · Yandex · Yandex Browser

Published: 2016-10-26 · Updated: 2016-12-02 · CVE-2016-8502

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Yandex Browser versions 15.12.0 through 16.2

Description

The issue is related to the Anti-phishing function in Yandex Browser, which could be exploited by a remote attacker to brute-force passwords from important web resources using special JavaScript. This is due to errors in security settings, allowing a remote attacker to bypass existing security restrictions.

Recommendations

For Yandex Browser versions 15.12.0 through 16.2, consider disabling the Anti-phishing function as a temporary workaround until a patch is available. Restrict access to sensitive web resources to minimize the risk of exploitation. Avoid using the browser for critical operations that involve sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related identifiers

BDU:2022-03565
CVE-2016-8502

Affected products

Yandex Browser