PT-2021-7164 · Yandex · Yandex Browser For Android

Kirtikumar Anandrao Ramchandani

Published

2021-09-13

Updated

2021-09-22

CVE-2020-27969

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Yandex Browser for Android version 20.8.4

Description The issue is related to shortcomings in the data source confirmation mechanism, allowing remote attackers to bypass the Same-Origin Policy (SOP) and spoof the address bar. This can enable a remote attacker to fake the content of the address bar.

Recommendations For Yandex Browser for Android version 20.8.4, update to a newer version to mitigate the risk of SOP bypass and address bar spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

BDU:2022-03582

CVE-2020-27969

Affected Products

Yandex Browser For Android

PT-2021-7164 · Yandex · Yandex Browser For Android

CVE-2020-27969

Weakness Enumeration

Related Identifiers

Affected Products

References · 6