Yandex Browser
Approved changes feed: RSS · Atom
cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Yandex (694d67c2-958c-56da-ba5e-25307fedecef) |
|---|---|
| Product | Yandex Browser (79febb20-c6f9-5bb7-8ded-849158d59a25) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-6473 |
vulnerable | 2026-06-03 14:58:03.269750 |
DLL Hijacking in Yandex Browser
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
Published: 2024-09-03T10:35:59.145Z
Updated: 2024-09-03T13:55:15.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28226 |
vulnerable | 2026-06-03 14:46:54.624836 |
Details available
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
Published: 2022-06-15T19:06:17.000Z
Updated: 2024-08-03T05:48:37.380Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28225 |
vulnerable | 2026-06-03 14:46:54.624423 |
Details available
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Published: 2022-06-15T19:10:32.000Z
Updated: 2024-08-03T05:48:37.339Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25262 |
vulnerable | 2026-06-03 14:44:04.936014 |
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
Published: 2025-05-21T07:07:29.310Z
Updated: 2025-05-21T13:51:43.378Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25261 |
vulnerable | 2026-06-03 14:44:04.933843 |
Details available
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Published: 2022-06-15T19:05:54.000Z
Updated: 2024-08-03T19:56:11.090Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7369 |
vulnerable | 2026-06-03 14:43:06.168461 |
Yandex Browser Address Bar Spooofing
MEDIUM (4.3)
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020.
Published: 2020-10-20T16:40:24.201Z
Updated: 2024-09-17T01:21:44.428Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27970 |
vulnerable | 2026-06-03 14:42:18.932438 |
Details available
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
Published: 2021-09-13T11:46:00.000Z
Updated: 2024-08-04T16:25:44.126Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7327 |
vulnerable | 2026-06-03 14:37:31.794912 |
Details available
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
Published: 2018-01-19T17:00:00.000Z
Updated: 2024-09-16T21:57:43.175Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-7325 |
vulnerable | 2026-06-03 14:37:31.791175 |
Details available
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
Published: 2018-01-19T17:00:00.000Z
Updated: 2024-09-16T22:36:01.365Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-8508 |
vulnerable | 2026-06-03 14:36:09.503749 |
Details available
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.
Published: 2017-03-01T15:00:00.000Z
Updated: 2024-08-06T02:27:40.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-8504 |
vulnerable | 2026-06-03 14:36:09.496958 |
Details available
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
Published: 2016-10-26T18:00:00.000Z
Updated: 2024-08-06T02:27:40.997Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.