We found results for “”
WS-2023-0345
Good to know:
Date: October 11, 2023
There is a UAF (Use After Free) vulnerability in the renderer implementation of the Ethereum wallet in Brave. When the Ethereum wallet is connected, every V8 render gets this piece of code installed, creating a new object ethereum accessible from V8. This may lead to Code Execution on the renderer process.
Language: C++
Severity Score
Severity Score
Weakness Type (CWE)
Use After Free
CWE-416Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |