Description
In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.
References (1)
Core 1
Core References
Third Party Advisory
https://hackerone.com/reports/2501378
Scores
CVSS v3
7.5
EPSS
0.0037
EPSS Percentile
28.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
Brave/Android Browser
1.67.116
Published
Sep 18, 2024
Tracked Since
Feb 18, 2026