Security changelogs

Fixed in version 16.6

26 October 2016, 09:10

CVE-2016-8504: Ziyahan Albeniz

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

CVE-2016-8505: Jouko

XSS in Yandex Browser's BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary JavaScript-code.