CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
[
{
"product": "Yandex Browser for desktop",
"vendor": "Yandex N.V.",
"versions": [
{
"status": "affected",
"version": "before 16.6 for OSx and Windows"
}
]
}
]