RSS   Vulnerabilities for 'Brave'   RSS

2021-07-12
 
CVE-2021-22916

CWE-200
 

 
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

 
2021-02-23
 
CVE-2021-21323

CWE-200
 

 
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108

 
2017-05-03
 
CVE-2017-8459

CWE-noinfo
 

 
** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results.

 
 
CVE-2017-8458

CWE-74
 

 
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.

 

 >>> Vendor: Brave 2 Products
Browser
Brave


Copyright 2024, cxsecurity.com

 

Back to Top