CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote malicious user to steal saved data in browser profile.
yandex yandex browser