CVE-2018-1000815

MEDIUM

Brave <0.24.0 - Script Execution Despite Blocked Setting

Description

Brave Software Inc. Brave versions 0.22.810 to 0.24.0 contain a vulnerability (type Other/Unknown) in the function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that allows websites to run inline JavaScript even if scripts are blocked, making it easier for attackers to track users. The attack appears to be exploitable when the victim visits a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.

Scores

CVSS v3 4.3
EPSS 0.0112
EPSS Percentile 62.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE CWE-20
Status published
Products (1)
brave/brave 0.22.810 - 0.24.0
Published Dec 20, 2018
Tracked Since Feb 18, 2026