CVE-2021-40834

User interface Spoofing in F-Secure SAFE browser for Android

More information

A user interface overlay vulnerability was discovered in Safe Browser for Android. When user click on a specially crafted seemingly legitimate URL safe browser goes into full screen and hides the user interface.  A remote attacker can leverage this to perform spoofing attack.

This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Contributors

WithSecure Corporation would like to thank following person for bringing this issue to our attention.

Narendra Bhati

Twitter

    Description

  • Full Screen Overlay User Interface Spoofing attack
  • Status

  • Fixed
  • Risk level

  • Medium
  • Fix

  • Upgrade to version 18.5.x which is available in Google play.
  • Affected products

  • F-Secure SAFE Browser Version 17.9 and below
  • Platforms

  • Android
  • Date issued

  • 10/12/2021
  • customer-support