PT-2024-18745 · Samsung · Samsung Internet
Zak Brighton Knight
·
Published
2024-03-04
·
Updated
2024-12-23
·
CVE-2024-20837
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Samsung Internet versions prior to 24.0.0.41
Description
The issue arises from improper handling of granting permission for Trusted Web Activities in Samsung Internet, allowing local attackers to grant permission to their own TWA WebApps without user interaction.
Recommendations
For versions prior to 24.0.0.41, update to version 24.0.0.41 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Samsung Internet