Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000815

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.

Published

2018-12-20T15:29:00.547

Last Modified

2024-11-21T03:40:24.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	brave	brave	≤ 0.24.0	Yes

References

https://github.com/brave/browser-laptop/issues/15232 Patch, Third Party Advisory ([email protected])
https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4 Patch ([email protected])
https://github.com/brave/muon/pull/651 Patch ([email protected])
https://github.com/brave/browser-laptop/issues/15232 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/brave/muon/pull/651 Patch (af854a3a-2127-422b-91ae-364da2661108)