Samsung Internet
Monthly
Improper authorization in Samsung Internet (Android browser) prior to version 30.0.0.39 allows a local attacker with low-level privileges to access sensitive information stored or processed by the browser, with downstream high-severity impact on subsequent systems as reflected in the CVSS 4.0 SC:H/SI:H/SA:H scores. The vulnerability requires only local access and no user interaction, making it exploitable by any co-resident low-privileged app or user account on the device. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and Samsung Mobile has released a patched version.
Improper authorization in Samsung Internet (Android browser) prior to version 30.0.0.39 allows a local attacker with low-level privileges to access sensitive information stored or processed by the browser, with downstream high-severity impact on subsequent systems as reflected in the CVSS 4.0 SC:H/SI:H/SA:H scores. The vulnerability requires only local access and no user interaction, making it exploitable by any co-resident low-privileged app or user account on the device. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and Samsung Mobile has released a patched version.