VYPR

Brave Browser

by Brave Software

Source repositories

CVEs (7)

  • CVE-2016-10718HigApr 4, 2018
    risk 0.46cvss 7.5epss 0.13

    Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.

  • CVE-2021-22917MedJul 12, 2021
    risk 0.42cvss 6.5epss 0.01

    Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

  • CVE-2023-28364MedJul 1, 2023
    risk 0.40cvss 6.1epss 0.00

    An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.

  • CVE-2021-22929MedAug 31, 2021
    risk 0.40cvss 6.1epss 0.00

    An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

  • CVE-2017-1000461MedJan 3, 2018
    risk 0.31cvss 4.7epss 0.01

    Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the…

  • CVE-2016-9473MedMar 28, 2017
    risk 0.31cvss 4.7epss 0.02

    Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

  • CVE-2022-47932MedDec 24, 2022
    risk 0.00cvss 6.5epss 0.01

    Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.