CVE-2024-20837

Published: Mar 5, 2024Modified: Dec 23, 2024

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: NVD

Description

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

Affected (1)

Products: Samsung: Internet

Samsung

1 product

Internet

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Internet	Before 24.0.0.41

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.