CVE-2017-17692

HIGH

Samsung Internet Browser 5.4.02.3 - Same Origin Policy Bypass via JavaScript innerHTML Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-17692. PoCs published by Dhiraj Mishra, specloli, Dhiraj Mishra, Tod Beardsley, Jeffrey Martin, including Metasploit module auxiliary/gather/samsung_browser_sop_bypass.

AI-analyzed exploit summary This Metasploit module exploits a Same-Origin Policy (SOP) bypass in Samsung Internet Browser by injecting malicious JavaScript to capture credentials via a fake prompt. It sets up a web server to deliver the exploit and collect POST data containing stolen credentials.

Description

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.

Exploits (3)

exploitdb WORKING POC
by Dhiraj Mishra · rubyremoteandroid
https://www.exploit-db.com/exploits/43376

This Metasploit module exploits a Same-Origin Policy (SOP) bypass in Samsung Internet Browser by injecting malicious JavaScript to capture credentials via a fake prompt. It sets up a web server to deliver the exploit and collect POST data containing stolen credentials.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Internet Browser (versions affected by CVE-2017-17692)
No auth needed
Prerequisites: Victim must visit the attacker-controlled web page · Samsung Internet Browser must be vulnerable to CVE-2017-17692
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by specloli · poc
https://github.com/specloli/CVE-2017-17692

This repository contains a writeup and video PoC for CVE-2017-17692, a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Browser. The vulnerability was patched in the Galaxy Note8 and via an app store update in October 2017.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Browser (com.sec.android.app.sbrowser)
No auth needed
Prerequisites: Victim must use vulnerable Samsung Browser version · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Dhiraj Mishra, Tod Beardsley, Jeffrey Martin · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb

This Metasploit module exploits a Same-Origin Policy (SOP) bypass vulnerability in Samsung Internet Browser to steal credentials via a fake pop-up. It serves a malicious webpage that opens a new tab and injects JavaScript to capture user input.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Samsung Internet Browser (versions affected by CVE-2017-17692)
No auth needed
Prerequisites: Victim must visit the malicious URL · Samsung Internet Browser must be vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43376/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html

Scores

CVSS v3 7.5
EPSS 0.6751
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
samsung/internet_browser 5.4.02.3
Published Dec 21, 2017
Tracked Since Feb 18, 2026