71 matches found
Brave Desktop 1.90.128 Security Fixes
Updated wallet to handle more "Permit" type warnings in the "Sign" panel as reported on HackerOne by syarif07. Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...
Brave Android 1.90.128 Security Fixes
Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.90.121 Security Fixes
Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. Fixed broken address bar layout for narrow window widths. Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the convertUrlRoute and screenshotUrlRoute processes. An attacker can access sensitive files belonging to other users' in-flight conversion requests by submitting specially crafted file:// URLs pointi...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the FilterOutboundURL process. An attacker can access internal network resources and retrieve sensitive information by exploiting DNS rebinding to bypass outbound URL filtering. This is only...
Brave Desktop 1.88.134 Security Fixes
Fixed "Gate3" explorer URL validation to prevent XSS. Upgraded Chromium to 146.0.7680.153 — refer to Google Chrome advisories for inherited CVEs...
Brave Android 1.88.128 Security Fixes
Fixed race condition which could result in incorrect origin being displayed on Brave Wallet as reported on HackerOne by b4dc4t. Upgraded Chromium to 146.0.7680.111 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.88.127 Security Fixes
Fixed race condition which could result in incorrect origin being displayed on Brave Wallet as reported on HackerOne by b4dc4t. Upgraded Chromium to 146.0.7680.71 — refer to Google Chrome advisories for inherited CVEs...
Fedora 42 : cef (2026-95fffce421)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-95fffce421 advisory. Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 (rhbz2437035). CVE-2026-3536: Integer overflow in ANGLE. CVE-2026-3537: Object lifecycle issue i...
Brave Desktop 1.85.120 Security Fixes
Updated Picture-in-Picture (PiP) to display origin as reported on HackerOne by frozzipies. Upgraded Chromium to 143.0.7499.192 — refer to Google Chrome advisories for inherited CVEs...
Fedora 43 : chromium (2025-cd7567466d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cd7567466d advisory. Update to 143.0.7499.146. High CVE-2025-14765: Use after free in WebGPU. High CVE-2025-14766: Out of bounds read and write in V8. Force dark mode when...
Brave Android 1.85.112 Security Fixes
Enabled WASM Interpreter when JIT is disabled. Upgraded Chromium to 143.0.7499.52 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.84.132 Security Fixes
Disabled "navigator.share" in Tor windows. Set secure clipboard flag when copying Brave Sync code words as reported on HackerOne by newfunction. 47841 & 47880 Upgraded Chromium to 142.0.7444.60 — refer to Google Chrome advisories for inherited CVEs...
Brave Desktop 1.83.108 Security Fixes
Updated split view to respect SameSite attribute as reported on HackerOne by mingijung. Removed incorrectly elided URL from shields panel as reported on HackerOne by apapedulimu. Upgraded Chromium to 141.0.7390.55 — refer to Google Chrome advisories for inherited CVEs...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ANGLE component. An attacker can achieve heap corruption and potentially execute arbitrary code by sending specially crafted network traffic. Remediation: Upgrade chromium to version 140.0.7339.185 or...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the Dawn component. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page. Remediation: Upgrade chromium to version 140.0.7339.185 or...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the WebRTC process. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page. Remediation: Upgrade chromium to version 140.0.7339.185 or...
External Control of Assumed-Immutable Web Parameter
Overview: Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the V8 process. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page. Remediation: Upgrade chromium to version 140.0.7339.207 or higher...
External Control of Assumed-Immutable Web Parameter
Overview: Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the V8 process. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page. Remediation: Upgrade chromium to version 140.0.7339.207 or higher...
Brave Desktop 1.82.170 Security Fixes
Enhanced validation for hardware wallet bridge communication as reported on HackerOne by oblivionsage. Upgraded Chromium to 140.0.7339.186 — refer to Google Chrome advisories for inherited CVEs...