Headline
CVE-2022-28868: CVE-2022-28868 | F-Secure
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
Security Advisories
CVE-2022-28868: Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android
Description
Address bar may show next URL for a short period of time, which could potentially lead to address bar spoofing.
STATUS: Fixed
RISK LEVEL: Medium
FIX: A fix has been released in the automatic update channel since 13th, April 2022. No user action is required.
Affected Products
- F-Secure SAFE Browser for Android Version 18.6 and below
Platforms
- All supported platforms for the affected products
More Information
An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Credits
F-Secure Corporation would like to thank Kirtikumar Anandrao Ramchandani for bringing this issue to our attention.