CVE-2025-48980

MEDIUM

Brave Browser Desktop <1.83.10 - Info Disclosure

Title source: llm

Description

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.

References (1)

[Third Party Advisory] https://hackerone.com/reports/3253725

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-565

Status published

Products (1)

Brave/Desktop Browser 1.83.10

Published Oct 31, 2025

Tracked Since Feb 18, 2026