F-Secure SAFE Browser for Android Vulnerable to Address Bar Spoofing
An address bar spoofing vulnerability was discovered in SAFE Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
F-Secure Corporation would like to thank following person for bringing this issue to our attention.