First published: Wed Aug 11 2021(Updated: )
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
Credit: cve-notifications-us@f-secure.com
Affected Software | Affected Version | How to fix |
---|---|---|
F-secure Safe | <18.4.0 |
Upgrade to version 18.4.x or newer from Google Play
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33594 is an address bar spoofing vulnerability discovered in Safe Browser for Android.
When a user clicks on a specially crafted malicious URL, it appears as a legitimate one in the address bar while showing content from another domain in a separate window.
Safe Browser for Android versions up to 18.4.0 are affected by CVE-2021-33594.
CVE-2021-33594 has a severity level of low (3.5).
To fix CVE-2021-33594, update Safe Browser for Android to a version above 18.4.0.