Security changelogs

Fixed in version 16.9

18 January, 16:55

CVE-2016-8503: Evgeny Sukhov

Yandex Protect Anti-phishing warning in Yandex Browser for Desktop from version 16.7.0 to 16.9.0 could be used by a remote attacker for brute-forcing passwords from important web-resource (without opportunity of getting login or important resource's address) with special JavaScript-code.

CVE-2017-7325: Patryk Bogdan

Yandex Browser for Desktop before 16.9.0 allows remote attackers to spoof the address bar via