PT-2018-9539 · Brave · Brave
Diracdeltas · Published 2018-12-20 · Updated 2019-02-06 · CVE-2018-1000815
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Brave version 0.22.810 through 0.24.0
Description
The issue allows websites to run inline JavaScript even when scripts are blocked, which makes it easier for attackers to track users. It can be exploited when a victim visits a specially crafted website. The affected function is ContentSettingsObserver::AllowScript() in content_settings_observer.cc.
Recommendations
For versions 0.22.810 through 0.24.0, update to version 0.25.2 to resolve the issue.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Brave