CVE-2022-22290
First published: Fri Jan 14 2022(Updated: )
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
Credit: mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Internet | <16.0.6.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-22290.
What is the affected software?
The affected software is Samsung Internet prior to version 16.0.6.23.
What is the severity of CVE-2022-22290?
The severity of CVE-2022-22290 is medium with a severity value of 6.5.
How can attackers exploit CVE-2022-22290?
Attackers can exploit CVE-2022-22290 by performing domain spoofing via a crafted HTML page in the Downloads section of Samsung Internet.
How can I fix this vulnerability?
To fix this vulnerability, users should update Samsung Internet to version 16.0.6.23 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung internet