Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows malicious users to execute JavaScript API to access data.
samsung galaxy store