CVEs-PoC/2021/CVE-2021-33594.md

### [CVE-2021-33594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33594)
![](https://img.shields.io/static/v1?label=Product&message=F-Secure%20Mobile%20Security&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=18.3x%3E%3D%2018.4x%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=F-Secure%20Safe%20browser%20for%20Android%20vulnerable%20to%20Address%20Bar%20Spoofing&color=brighgreen)

### Description

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack.

### POC

#### Reference
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories

#### Github
No PoCs found on GitHub currently.