Home > Vulnerability Database > WS-2023-0188

Mend.io Vulnerability Database

WS-2023-0188

Good to know:

Date: June 22, 2023

Brave for iOS protects privileged JS to native bridges by using random JavaScript handler names and security tokens. However, by altering window.braveBlockRequests property from scripts on the web page, these secret values can be stolen. The impact depends on which bridge is abused. As further features are implemented in the Brave, its potential risk tends to be increased.

Language: Swift

Severity Score

7.5

Related Resources (2)

Url: https://github.com/brave/brave-ios/commit/57e93e5429ca07fea63a80da8588b07e9077904d

Url: https://www.mend.io/vulnerability-database/WS-2023-0188

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v1.42

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0188

Good to know:

Date: June 22, 2023

Language: Swift

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?