CVE-2018-1000815

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.

brave/muon
brave/muon
[DEPRECATED] Build browsers and browser like applications with HTML, CSS, and JavaScript
GitHubGitHub
966
brave/browser-laptop
brave/browser-laptop
[DEPRECATED] Please see https://github.com/brave/brave-browser for the current version of Brave
GitHubGitHub
7.92K