Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

Related CVEs

CVE-2024-20837

Key Information

GHSA ID

GHSA-w8qw-8xxw-qff9

Published

March 5, 2024 6:30 AM

Last Modified

March 5, 2024 6:30 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.