Vulnerability DatabaseWS-2023-0188
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0188
June 22, 2023
Brave for iOS protects privileged JS to native bridges by using random JavaScript handler names and security tokens. However, by altering window.braveBlockRequests property from scripts on the web page, these secret values can be stolen. The impact depends on which bridge is abused. As further features are implemented in the Brave, its potential risk tends to be increased.
Related Resources (1)
https://github.com/brave/brave-ios/commit/57e93e5429ca07fea63a80da8588b07e9077904d
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE