Vulnerability Description
Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brave | Brave | >= 0.22.810, <= 0.24.0 |
Related Weaknesses (CWE)
References
- https://github.com/brave/browser-laptop/issues/15232PatchThird Party Advisory
- https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4Patch
- https://github.com/brave/muon/pull/651Patch
- https://github.com/brave/browser-laptop/issues/15232PatchThird Party Advisory
- https://github.com/brave/muon/commit/c18663aa171c6cdf03da3e8c70df8663645b97c4Patch
- https://github.com/brave/muon/pull/651Patch
FAQ
What is CVE-2018-1000815?
CVE-2018-1000815 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result i...
How severe is CVE-2018-1000815?
CVE-2018-1000815 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000815?
Check the references section above for vendor advisories and patch information. Affected products include: Brave Brave.