CVE-2017-18256

MEDIUM

Brave Browser < 0.13.0 - Denial of Service via Long JavaScript Alert Argument

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18256. PoCs published by Sahil Tikoo.

AI-analyzed exploit summary: This exploit demonstrates a Denial of Service (DoS) vulnerability in Brave Browser versions prior to 0.13.0 by consuming excessive resources via an overly long argument passed to the JavaScript alert() function.

Description

Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.

Exploits (1)

exploitdb WORKING POC
by Sahil Tikoo · text · dos · windows
https://www.exploit-db.com/exploits/44474

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Brave Browser < 0.13.0
No auth needed
Prerequisites: A target running Brave Browser < 0.13.0 · Ability to execute JavaScript in the target's browser context
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
https://hackerone.com/reports/176066 (Exploit, Third Party Advisory; x_refsource_confirm)
https://www.exploit-db.com/exploits/44474/ (Exploit, Third Party Advisory, VDB Entry; exploit, x_refsource_exploit-db)

Scores

CVSS v3: 6.5
EPSS: 0.0511
EPSS Percentile: 91.3%
Attack Vector: NETWORK
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Status: published
Products (1): brave/brave_browser < 0.13.0
Published: Apr 04, 2018
Tracked Since: Feb 18, 2026