A vulnerability in the Brave Browser could make dangerous websites appear trustworthy.

Wednesday, January 29, 2025

A security vulnerability in the Brave Browser, a popular choice among users, has been discovered in desktop versions 1.70.x to 1.73.x. This vulnerability, identified as CVE-2025-23086, falls under CWE-60, which relates to source data tampering. It allows malicious websites to appear as trusted sources in file upload and download dialogs.

The issue arises from a security feature designed to display the website’s origin in the file dialog box. However, under certain conditions, the origin shown may be incorrect. This vulnerability can also be exploited in combination with an open redirect vulnerability, a flaw in which a legitimate site forwards users to a fraudulent website without properly validating the redirect target. The potential impact includes malware downloads, personal data exposure, and phishing attacks. This vulnerability has been classified as medium severity, with a base score of 6.1.

To mitigate the risk, users are advised to update Brave Browser to version 1.74.48 or later, which includes a fix for this issue. Additionally, users should verify website authenticity, avoid clicking on suspicious email links, and install security tools such as browser extensions that protect against phishing and unsafe redirects. It is also essential to carefully check the source of any file before downloading.
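The first step in that mitigation is knowing which installed copies fall inside the affected range. The following is an added example, not code from the article or from Brave, that classifies Brave desktop versions against the range stated above (1.70.x to 1.73.x affected, fixed in 1.74.48) and can be run over a constructed fleet inventory. It assumes the version string has the shape `Brave Browser 1.73.97 Chromium: ...`, as printed by `brave-browser --version`; the hostnames and version lines in the inventory are constructed samples.

```python
import re
from typing import Dict, Iterable, Tuple

Version = Tuple[int, ...]

# Figures as stated in the advisory text above.
AFFECTED_MAJOR = 1
AFFECTED_MINORS = range(70, 74)      # 1.70.x through 1.73.x inclusive
FIXED_VERSION: Version = (1, 74, 48)


def parse_version(text: str) -> Version:
    """Pull the first dotted numeric version out of a string such as
    'Brave Browser 1.73.97 Chromium: 131.0.6778.139' (assumed --version format)."""
    match = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def classify(version: Version) -> str:
    """Map a version tuple to one of:
      'fixed'        - 1.74.48 or later, contains the fix
      'affected'     - inside the 1.70.x to 1.73.x range named in the advisory
      'below_fix'    - newer than the affected range but older than 1.74.48;
                       the advisory does not describe these builds, so treat as
                       needing an update rather than assuming they are safe
      'out_of_range' - older than 1.70, not covered by this advisory
    """
    if len(version) < 2:
        raise ValueError(f"version needs at least major.minor: {version!r}")
    major, minor = version[0], version[1]
    if version >= FIXED_VERSION:
        return "fixed"
    if major == AFFECTED_MAJOR and minor in AFFECTED_MINORS:
        return "affected"
    if (major, minor) < (AFFECTED_MAJOR, AFFECTED_MINORS.start):
        return "out_of_range"
    return "below_fix"


def report(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Classify each (hostname, version line) pair; hosts whose line cannot be
    parsed are marked 'unknown' so they are not silently dropped from review."""
    result: Dict[str, str] = {}
    for host, line in inventory:
        try:
            result[host] = classify(parse_version(line))
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory, e.g. collected from `brave-browser --version`
# on each endpoint by an existing asset-management job.
SAMPLE_INVENTORY = [
    ("ws-01", "Brave Browser 1.73.97 Chromium: 131.0.6778.139"),
    ("ws-02", "Brave Browser 1.74.48 Chromium: 132.0.6834.83"),
    ("ws-03", "Brave Browser 1.69.162 Chromium: 129.0.6668.70"),
    ("ws-04", "Brave Browser 1.74.10 Chromium: 132.0.6834.57"),
    ("ws-05", "brave: command not found"),
]

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `affected` or `below_fix` are the ones to push the 1.74.48 (or later) update to; `unknown` entries need a manual look because the version could not be read at all.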

Source: https://hackread.com/brave-desktop-browser-vulnerability-malicious-sites-trusted/