Brave

Brave

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-68508

  • EPSS 0.05%
  • Veröffentlicht 24.12.2025 12:31:20
  • Zuletzt bearbeitet 20.01.2026 15:19:42

Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.

4.3

CVE-2023-28360

  • EPSS 0.12%
  • Veröffentlicht 11.05.2023 22:15:10
  • Zuletzt bearbeitet 27.01.2025 17:15:12

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.

6.5

CVE-2022-47932

Exploit
  • EPSS 0.76%
  • Veröffentlicht 24.12.2022 22:15:09
  • Zuletzt bearbeitet 15.04.2025 14:15:38

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.

6.5

CVE-2022-47933

Exploit
  • EPSS 0.73%
  • Veröffentlicht 24.12.2022 22:15:09
  • Zuletzt bearbeitet 15.04.2025 14:15:38

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWo...

6.5

CVE-2022-47934

Exploit
  • EPSS 0.73%
  • Veröffentlicht 24.12.2022 22:15:09
  • Zuletzt bearbeitet 15.04.2025 14:15:39

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-4793...

5.3

CVE-2022-30334

Exploit
  • EPSS 0.39%
  • Veröffentlicht 07.05.2022 05:15:06
  • Zuletzt bearbeitet 21.11.2024 07:02:36

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in...

7.5

CVE-2021-45884

Exploit
  • EPSS 0.37%
  • Veröffentlicht 27.12.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:33:11

In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resultin...

6.1

CVE-2021-22929

Exploit
  • EPSS 0.02%
  • Veröffentlicht 31.08.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:50:56

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

5.9

CVE-2021-22916

  • EPSS 0.19%
  • Veröffentlicht 12.07.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:50:54

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, r...

5.3

CVE-2021-21323

  • EPSS 0.27%
  • Veröffentlicht 23.02.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:48:01

Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adbloc...