Vulnerability in Samsung Internet

CVE-2024-20837

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

EPSS: 0.001 (4.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-20837?
CVE-2024-20837 is a medium-severity vulnerability in Samsung Internet, classified under CWE-280: IMPROPER HANDLING OF INSUFFICIENT PERMISSIONS OR PRIVILEGES. CVSS score: 5.3/10. Published 2024-03-05.
How severe is CVE-2024-20837?
Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-20837 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.