Vulnerability in Samsung Internet
CVE-2024-20837
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
EPSS: 0.001 (4.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Samsung Internet
- Samsung Mobile Internet — versions 24.0.0.41
Public proof-of-concept exploits
References
- mobile.security@samsung.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2024-20837?
- CVE-2024-20837 is a medium-severity vulnerability in Samsung Internet, classified under CWE-280: IMPROPER HANDLING OF INSUFFICIENT PERMISSIONS OR PRIVILEGES. CVSS score: 5.3/10. Published 2024-03-05.
- How severe is CVE-2024-20837?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2024-20837 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.