Description
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.
References (1)
Core 1
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1249056
Scores
CVSS v3
6.1
EPSS
0.0041
EPSS Percentile
32.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Details
CWE
CWE-312
CWE-532
Status
published
Products (1)
brave/brave
< 1.28.62
Published
Aug 31, 2021
Tracked Since
Feb 18, 2026