Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A recently identified vulnerability in the Brave browser has raised significant security concerns for its users. The issue, tracked as CVE-2025-23086, affects desktop versions of Brave from 1.70.x to 1.73.x.
It involves a flaw in how the browser displays the origin of a site in the file selector dialog during file upload or download prompts.
This vulnerability could allow malicious websites to pose as trusted domains, potentially deceiving users into downloading harmful files.
Overview of the Vulnerability
The vulnerability stems from Brave’s feature that displays the origin of a site in the operating system’s file selector dialog.
This feature is intended to enhance user awareness of a site’s legitimacy when interacting with file uploads or downloads. However, in certain scenarios, the origin was not correctly inferred.
When combined with an open redirect vulnerability on a trusted site, attackers could exploit this flaw to make a malicious site appear as though it originated from the trusted domain in the file selector dialog.
An open redirect vulnerability occurs when a legitimate website allows user-controlled input to redirect users to external URLs without sufficient validation.
This vulnerability significantly undermines user trust and security by enabling phishing attacks and malware distribution. Users could be tricked into downloading files or sharing sensitive information under the assumption they are interacting with a legitimate site.
The vulnerability was disclosed to Brave Software by the bug hunter, Syarif Muhammad Sajjad.
Affected Versions
Brave Software has addressed this issue in version 1.74.48 by correcting how site origins are displayed in file selector dialogs and improving validation mechanisms for open redirects.
Users are advised to remain cautious when downloading files, even from seemingly trusted sources, and to always verify the authenticity of download prompts and file origins.
Enabling automatic updates for Brave Browser can help ensure timely protection against newly discovered vulnerabilities.
#Browser #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One
Author: Guru BaranA recently identified vulnerability in the Brave browser has raised significant security concerns for its users. The issue, tracked as CVE-2025-23086, affects desktop versions of Brave from 1.70.x to 1.73.x.
It involves a flaw in how the browser displays the origin of a site in the file selector dialog during file upload or download prompts.
This vulnerability could allow malicious websites to pose as trusted domains, potentially deceiving users into downloading harmful files.
Overview of the Vulnerability
The vulnerability stems from Brave’s feature that displays the origin of a site in the operating system’s file selector dialog.
This feature is intended to enhance user awareness of a site’s legitimacy when interacting with file uploads or downloads. However, in certain scenarios, the origin was not correctly inferred.
When combined with an open redirect vulnerability on a trusted site, attackers could exploit this flaw to make a malicious site appear as though it originated from the trusted domain in the file selector dialog.
An open redirect vulnerability occurs when a legitimate website allows user-controlled input to redirect users to external URLs without sufficient validation.
This vulnerability significantly undermines user trust and security by enabling phishing attacks and malware distribution. Users could be tricked into downloading files or sharing sensitive information under the assumption they are interacting with a legitimate site.
The vulnerability was disclosed to Brave Software by the bug hunter, Syarif Muhammad Sajjad.
Affected Versions
- Vulnerable: Brave Desktop Browser versions up to 1.74.47.
- Fixed: Version 1.74.48 and later.
Brave Software has addressed this issue in version 1.74.48 by correcting how site origins are displayed in file selector dialogs and improving validation mechanisms for open redirects.
Users are advised to remain cautious when downloading files, even from seemingly trusted sources, and to always verify the authenticity of download prompts and file origins.
Enabling automatic updates for Brave Browser can help ensure timely protection against newly discovered vulnerabilities.
#Browser #Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
