Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20837

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

Published

2024-03-05T05:15:11.150

Last Modified

2024-12-23T16:29:57.827

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samsung	internet	< 24.0.0.41	Yes

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03 Vendor Advisory ([email protected])
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)