CVE-2017-7325

Name of the Vulnerable Software and Affected Versions Yandex Browser versions prior to 16.9.0

Description The issue allows remote attackers to spoof the address bar. This is due to insufficient input validation, which can be exploited by a remote attacker to modify the address bar value using the window.open function.

Recommendations For versions prior to 16.9.0, update to version 16.9.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the window.open function until a patch is applied.