39 matches found
Brave Desktop 1.91.168 Security Fixes
Added the ability to disable or delay automatic extension updates when brave://flags/brave-user-extension-auto-update is enabled. Upgraded Chromium to 149.0.7827.54 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.90.128 Security Fixes
Updated wallet to handle more "Permit" type warnings in the "Sign" panel as reported on HackerOne by syarif07. - Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.88.134 Security Fixes
Fixed "Gate3" explorer URL validation to prevent XSS. Upgraded Chromium to 146.0.7680.153 — refer to Google Chrome advisories for inherited CVEs...
CVE-2021-22916
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure...
Brave Desktop 1.85.120 Security Fixes
Updated Picture-in-Picture PiP to display origin as reported on HackerOne by frozzipies. Upgraded Chromium to 143.0.7499.192 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.85.111 Security Fixes
Improved IKEv2 VPN configuration parameters on Windows. - Enabled WASM Interpreter when JIT is disabled. Upgraded Chromium to 143.0.7499.40 — refer to Google Chrome advisories for inherited CVEs...
EUVD-2020-29144
Malware in sbrugna...
EUVD-2021-10045
Malware in sbrugna...
EUVD-2023-32058
Malicious code in bioql PyPI...
EUVD-2021-32600
Malicious code in bioql PyPI...
Brave Desktop 1.82.170 Security Fixes
Enhanced validation for hardware wallet bridge communication as reported on HackerOne by oblivionsage. Upgraded Chromium to 140.0.7339.186 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.81.135 Security Fixes
Set clipboard sensitivity flag when copying Brave Wallet recovery code as reported on HackerOne by newfunction. Upgraded Chromium to 139.0.7258.127 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.79.123 Security Fixes
Fixed missing DDNS navigation throttle for subframes as reported on HackerOne by newfunction. Upgraded Chromium to 137.0.7151.104 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.79.119 Security Fixes
Added a conditional host check in binding handlers as reported on HackerOne by newfunction. Upgraded Chromium to 137.0.7151.68 — refer to Google Chrome advisories for inherited CVEs...
CVE-2023-28360
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user...
CVE-2020-8276
The implementation of Brave Desktop's privacy-preserving analytics system P3A between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that...
Brave Desktop 1.78.94 Security Fixes
Re-encoded images fetched for Brave News. Upgraded Chromium to 136.0.7103.60 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.76.73 Security Fixes
Fixed Tor leaks as reported on HackerOne by 0x999. 44299, 44333, & 44334 Upgraded Chromium to 134.0.6998.45 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.75.175 Security Fixes
Fixed issue where audio was not being farbled in certain cases as reported on HackerOne by cesiumfusilli. - Disabled block element picker in Private Windows as reported on HackerOne by newfunction. Upgraded Chromium to 133.0.6943.54 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.74.48 Security Fixes
Fixed iframe download popup origin confusion as reported on HackerOne by syarif07. Upgraded Chromium to 132.0.6834.83 — refer to Google Chrome advisories for inherited CVEs...