PT-2018-9539 · Brave · Brave
Diracdeltas
·
Publicado
2018-12-20
·
Atualizado
2019-02-06
·
CVE-2018-1000815
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Brave version 0.22.810 through 0.24.0
Description
The issue allows websites to run inline JavaScript even if script is blocked, making it easier for attackers to track users. This can be exploited when a victim visits a specially crafted website. The function
ContentSettingsObserver::AllowScript() in content settings observer.cc is affected.Recommendations
For versions 0.22.810 through 0.24.0, update to version 0.25.2 to resolve the issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Brave