PT-2017-4190 · Yandex · Yandex Browser

Published

2017-03-01

Updated

2020-07-10

CVE-2016-8508

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Yandex Browser for desktop versions prior to 17.1.1.227

Description The issue is related to errors in security settings of the Protect technology in Yandex Browser, which can be exploited by a remote attacker to hide notifications about suspicious content. This could potentially be used on malicious websites with special content types to prevent Protect warnings from being displayed.

Recommendations For Yandex Browser for desktop versions prior to 17.1.1.227, update to version 17.1.1.227 or later to resolve the issue. As a temporary workaround, consider restricting access to websites with special content types that may exploit this issue until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

BDU:2022-03578

CVE-2016-8508

Affected Products

Yandex Browser

PT-2017-4190 · Yandex · Yandex Browser

CVE-2016-8508

Weakness Enumeration

Related Identifiers

Affected Products

References · 6