Product
yandex browser
23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-26226
CVE-2021-25262
CVE-2021-25255
CVE-2021-25254
CVE-2024-6473
CVE-2022-28226
CVE-2022-28225
CVE-2021-25261
CVE-2020-27970
CVE-2020-27969
CVE-2021-25263
CVE-2020-7369
CVE-2017-7327
CVE-2017-7326
CVE-2017-7325
CVE-2016-8508
CVE-2016-8507
CVE-2016-8506
CVE-2016-8505
CVE-2016-8504
CVE-2016-8503
CVE-2016-8502
CVE-2016-8501
< 24.4.0.682
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
< 21.3.0
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
< 21.1.0
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
< 21.1.0
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
< 24.7.1.380
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
< 22.3.3.801
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execut
< 22.3.3.684
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execut
< 22.5.0.862
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execut
< 20.10.0
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
< 20.8.4
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
< 21.9.0.390
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execut
< 20.8.4
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an att
<= 17.4.0.16
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for
<= 17.4
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corrup
< 16.9.0
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
< 17.1.1.227
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites wit
< 16.10.0.2357
Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attacker
all versions
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker fo
<= 16.4.0.94.4
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for eval
<= 16.6.1.30165
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved dat
all versions
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for
all versions
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker f
all versions
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protecte