CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

Уязвимость механизма синхронизации форм браузера Yandex Browser, позволяющая нарушителю осуществить CSRF-атаку