Main Vulnerability Database SB2021022210

SB2021022210 - Information disclosure in Brave browser

Published: February 22, 2021

Security Bulletin ID SB2021022210

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.zdnet.com/article/brave-browser-leaks-onion-addresses-in-dns-traffic/