CVE-2017-17692: Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser

by do son · Published December 31, 2017 · Updated October 10, 2021

On December 29, Dhiraj Mishra, a cybersecurity researcher, recently disclosed a critical SOP vulnerability (CVE-2017-17692) for the Samsung Android browser that exists in the Samsung Internet Explorer In version 5.4.02.3 or earlier, an attacker could be allowed to steal important information such as passwords or cookie sessions after a user visits a malicious website.

Same Origin Policy (SOP) is a security feature used in modern browsers to enable web pages from the same website to interact with each other while preventing interference from unrelated websites. In other words, SOP ensures that JavaScript code from one source does not access the properties of another source website.

When an attacker manipulates a Javascript to open a new tab in a given domain name of the Samsung Internet Explorer (eg, google.com), the Javascript code rewrites the content of the page at will. This is a taboo in browser design because it means that attackers can violate the same-origin policy through Javascript and can be executed directly from one site (controlled by an attacker) and then at another site (the attacker is interested Follow-up. Essentially, if the victim takes the lead in accessing an attacker-controlled Web page, an attacker can not only insert custom Javascript code into any domain name but can also steal cookie sessions and read and write webmail in the user’s name.

Mishra reported the details of the vulnerability to Samsung at the time, and Samsung said: “The patch has been pre-installed on our upcoming Galaxy Note 8 and its application will be updated with the App Store update in October.” Currently, Mishra has released a POC based on the Metasploit module with the help of Jeffrey Martin of the Tod Beardsley Rapid7 team.

Attack demo videos from Mishra