brave/brave-core

brave/brave-core

Releases11.8K

Frequency5 hours

Last Release about 23 hours ago

Stars3.37K

Core engine for the Brave browser for mobile and desktop. For issues https://github.com/brave/brave-browser/issues

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-52263 ↗	Dec 30, 2023Saturday, 30 December 2023, 19:15	6.1 MEDIUM	—
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
CVE-2022-47932 ↗	Dec 24, 2022Saturday, 24 December 2022, 22:15	6.5 MEDIUM	—
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.
CVE-2022-47933 ↗	Dec 24, 2022Saturday, 24 December 2022, 22:15	6.5 MEDIUM	—
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.
CVE-2022-47934 ↗	Dec 24, 2022Saturday, 24 December 2022, 22:15	6.5 MEDIUM	—
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934.
CVE-2022-30334 ↗	May 7, 2022Saturday, 7 May 2022, 05:15	5.3 MEDIUM	5 MEDIUM
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
CVE-2021-45884 ↗	Dec 27, 2021Monday, 27 December 2021, 22:15	7.5 HIGH	4.3 MEDIUM
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
CVE-2021-21323 ↗	Feb 23, 2021Tuesday, 23 February 2021, 23:15	4.3 MEDIUM	4.3 MEDIUM
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108