The browser application has detected a critical security hole which is Same Origin Policy (SOP) installed on hundreds of millions of Samsung Android devices that would allow an attacker to steal data from browser tabs when a user visits an attacker’s website.
Identified as CVE-2017-17692, this gap exists in the Bypass Same Origin Policy (SOP) included in version 5.4.02.3 of the browser Samsung Internet Explorer and earlier versions.
The same identity principle or SOP (Same Origin Policy) is a security feature used in modern browsers to interact with websites from the same website, preventing mutual interference of unrelated websites.
SOP(Same Origin Policy) may bypass the vulnerability of the Samsung Internet browser discovered by Dhiraj Mishra, which may allow a malicious website to steal data, such as passwords or cookies from pages opened by the victim on different cards.
Attackers can even track a copy of the cookie session or hack into your session and read and write Internet mail on your behalf.
Mishra reported a security hole in Samsung, and the company replied that “the patch is already installed in our next Galaxy Note 8, and the application will be updated in October by updating the app store.”
In the meantime, with the help of Tod Beardsley and Jeffrey Martin of Rapid7, Mishra released the feat for the Metasploit Framework.
Researchers from Rapid7 also published video demonstrating the attack.
Because the exploit code for Metasploit for the Same Origin Policy (SOP) gap bypasses the vulnerability in the Samsung browser, it is now publicly available, anyone with less technical knowledge can exploit this vulnerability on a large number of Samsung devices, most of which are still in use. Use Android Stock Browser.