Friday, May 2, 2025
HomeCVE/vulnerabilityBrave Browser Vulnerability Allows Malicious Website Appears as Trusted One

Brave Browser Vulnerability Allows Malicious Website Appears as Trusted One

Published on

SIEM as a Service

Follow Us on Google News

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations.

The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating a risk for unsuspecting users.

Brave Browser Vulnerability

The vulnerability impacts Brave Browser versions 1.70.x to 1.73.x. A feature intended to display a website’s origin in the operating system’s file selector dialog failed to correctly infer the origin in certain scenarios.

- Advertisement - Google News

This flaw, when exploited alongside an open redirector vulnerability on a trusted website, could allow malicious actors to initiate file downloads that appear to originate from the trusted site.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

For example, if a user interacts with a malicious website leveraging an open redirect on a legitimate, trusted domain, the file selector dialog during upload or download may display the trusted website as the source instead of the actual malicious site.

This misrepresentation could trick users into believing the action is safe, potentially exposing them to phishing attacks or unknowingly downloading harmful files.

Affected Versions

The vulnerability affects Brave Desktop Browser versions between 1.70.117 and before 1.74.48. Specifically:

  • Affected: Versions from 1.70.117 to 1.73.x.
  • Unaffected: Versions prior to 1.70.117 or starting from 1.74.48.

Brave has already released an update (version 1.74.48 and newer) to address this issue, ensuring that the origin inference for file selectors functions correctly.

Brave Software acted swiftly upon identifying the vulnerability. The company has advised users to immediately update their browsers to the latest version (1.74.48 or newer) to mitigate the risk.

Users can verify their version by navigating to the browser’s settings menu under “About Brave.”

  1. Update Your Browser: If you are using Brave Desktop Browser, ensure your software is upgraded to version 1.74.48 or newer.
  2. Exercise Caution: Be wary of unexpected download prompts, even from sites that appear trusted.
  3. Report Suspicious Activity: If you encounter questionable behavior, report it to Brave’s security team or trusted cybersecurity professionals.

As the cybersecurity landscape continues to evolve, users are reminded to stay vigilant and maintain up-to-date software to protect against emerging threats.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...