5 matches found
MAL-2022-1673 Malicious code in brave-ios (npm)
Source: ghsa-malware aacc360cc09bd65e62d9c77b71ca5869656bf12e6dfc5bd4af918c92fd090ed8. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Brave Software: Universal XSS with Playlist feature
A Universal XSS vulnerability was discovered in Brave iOS versions 1.32.3 and higher. The vulnerability was caused by three weaknesses, including the exposure of UserScriptManager.securityToken and UserScriptManager.messageHandlerToken, as well as a UXSS vulnerability in PlaylistHelper through...
Brave Software: Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname
A vulnerability was discovered in the Brave iOS nightly build that allowed the phishing/malware site blocking feature to be bypassed by adding a trailing dot to the hostname. This allowed users to access prohibited sites without being blocked by Brave Shield protection...
Brave Software: Universal XSS through FIDO U2F register from subframe
A vulnerability was discovered in Brave's FIDO U2F implementation that allowed a cross-domain subframe to inject any JavaScript code into the top frame through a fake U2F registration process, resulting in Universal XSS. The vulnerability affected Brave iOS Version 1.20 20.09.11.20 and current Nightly...
Brave Software: HTML injection in title of reader view
HTML injection was possible in the title of the reader view in Brave iOS version 1.20 and current Nightly. This allowed any page to inject malicious HTML code in the reader-mode page through html code you want to inject. This vulnerability could be exploited to steal users' sensitive information...