Brave · Brave Browser · CVE-2025-23086
**Name of the Vulnerable Software and Affected Versions**
Brave Browser versions 1.70.x through 1.73.x
**Description**
The issue arises from a feature that displays a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However, the origin is not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file selector dialog appears as the trusted site that initiated the redirect.
**Recommendations**
For Brave Browser versions 1.70.x through 1.73.x, consider disabling the feature that shows a site's origin on the OS-provided file selector dialog until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
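The scenario in the description depends on an open redirector on the trusted site. As an added example for site operators (not part of the original advisory and not Brave's code), the JavaScript below validates the target of a redirect endpoint so that it cannot forward to another origin. The origin `https://trusted.example`, the allowlist and the function name `safeRedirectTarget` are assumptions.

```javascript
// Added example: all names and origins here are hypothetical, constructed values.
const SITE_ORIGIN = "https://trusted.example";
const ALLOWED_ORIGINS = new Set([SITE_ORIGIN, "https://cdn.trusted.example"]);
const FALLBACK = "/"; // where to send the user when the target is rejected

// Returns an absolute URL that is safe to put in a Location header,
// or FALLBACK when the requested target would leave the allowlisted origins.
function safeRedirectTarget(next) {
  if (typeof next !== "string" || next.length === 0) return FALLBACK;

  let url;
  try {
    // Resolve exactly as a browser would, so that "//host", "/\host" and
    // embedded tabs or newlines are judged on the origin they really reach.
    url = new URL(next, SITE_ORIGIN);
  } catch {
    return FALLBACK; // unparsable input
  }

  if (url.protocol !== "https:") return FALLBACK;       // javascript:, data:, http:
  if (url.username || url.password) return FALLBACK;    // user@host confusion
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK; // cross-origin target

  return url.href;
}
```

Comparing the parsed `origin` rather than matching on string prefixes is what rejects inputs such as `//other.example` or `https://trusted.example@other.example/`.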