632 matches found
Brave Desktop 1.88.134 Security Fixes
Fixed "Gate3" explorer URL validation to prevent XSS. Upgraded Chromium to 146.0.7680.153 — refer to Google Chrome advisories for inherited CVEs...
Brave Android 1.88.128 Security Fixes
Fixed race condition which could result in incorrect origin being displayed on Brave Wallet as reported on HackerOne by b4dc4t. Upgraded Chromium to 146.0.7680.111 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.88.127 Security Fixes
Fixed race condition which could result in incorrect origin being displayed on Brave Wallet as reported on HackerOne by b4dc4t. Upgraded Chromium to 146.0.7680.71 — refer to Google Chrome advisories for inherited CVEs...
How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing
As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and, in many cases, even better. But behind the scenes, almost everything changed. The rules that govern how browser extensions work went through a...
One privacy change I made for 2026 (Lock and Code S07E02)
This week on the Lock and Code podcast … When you hear the words "data privacy," what do you first imagine? Maybe you picture going into your social media apps and setting your profile and posts to private. Maybe you think about who you've shared your location with and deciding to revoke some of...
CVE-2018-10799
A hang issue was discovered in Brave before 0.14.0 on, for example, Linux. This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element...
CVE-2018-1000815
Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...
CVE-2021-22916
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure...
CVE-2021-22917
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled...
CVE-2025-23086
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open...
Brave Desktop 1.85.120 Security Fixes
Updated Picture-in-Picture PiP to display origin as reported on HackerOne by frozzipies. Upgraded Chromium to 143.0.7499.192 — refer to Google Chrome advisories for inherited CVEs...
WordPress Brave plugin missing authorization vulnerability
WordPress Brave plugin by Brave Software develops Brave Browser Extensions for WordPress integration. A lack of authorization vulnerability exists in the WordPress Brave plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...
CVE-2025-68508
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through = 0.8.3...
EUVD-2025-205207
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through = 0.8.3...
CVE-2025-68508
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through = 0.8.3...
CVE-2025-68508
CVE-2025-68508 affects the WordPress Brave plugin’s brave-popup-builder component (Brave Brave plugin) up to version 0.8.3. The root cause is missing/incorrect authorization due to misconfigured access control levels, enabling a broken access control vulnerability. Reported details across multipl...
CVE-2025-68508 WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through = 0.8.3...
CVE-2025-68508 WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through = 0.8.3...
PT-2025-53080
Name of the Vulnerable Software and Affected Versions Brave versions through 0.8.3 Description A missing authorization issue exists in Brave's brave-popup-builder component. This allows exploitation due to incorrectly configured access control security levels. Recommendations Update to a version...
WordPress plugin Brave 安全漏洞
WordPress Brave plugin by Brave Software develops Brave Browser Extensions for WordPress integration. A lack of authorization vulnerability exists in the WordPress Brave plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...