Brave Software: Information disclosure

Vulnerability tested on:- Brave 1.29.81 Chromium: 93.0.4577.82 Official Build 64-bit Vulnerability description:- For security measures and for privacy purposes, Brave has the ability to open a normal tab of the Brave when we navigate to: chrome://wallet, chrome://history etc. due to the reason th...

Brave Software: Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log

Summary: A vulnerability in the Brave Browser v1.28.43 and below allows a local or physical attacker to view the exact timestamps that a user connected to a v2 onion address. A local or physical attacker could read /.config/BraveSoftware/Brave-Browser/tor/data/tor.log identify the exact moment a...

Brave Software: Brave Browser potentially logs the last time a Tor window was used

Summary: A vulnerability in the Brave Browser allows an attacker to view the last time a Tor session was used in incognito mode. A local, on-disk attacker could read the Brave Browser's "Local State" json file and identify the last time a Tor session was used, affecting the confidentiality of a...