Cyber Security News

Brave Browser Vulnerability Allows Malicious Website Appears as Trusted One

A security vulnerability has been identified in Brave Browser, potentially allowing malicious websites to masquerade as trusted ones during file upload or download operations.

The issue, tracked under CVE-2025-23086, affects specific versions of the Brave browser on desktop platforms, creating a risk for unsuspecting users.

Brave Browser Vulnerability

The vulnerability impacts Brave Browser versions 1.70.x to 1.73.x. A feature intended to display a website’s origin in the operating system’s file selector dialog failed to correctly infer the origin in certain scenarios.

This flaw, when exploited alongside an open redirector vulnerability on a trusted website, could allow malicious actors to initiate file downloads that appear to originate from the trusted site.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

For example, if a user interacts with a malicious website leveraging an open redirect on a legitimate, trusted domain, the file selector dialog during upload or download may display the trusted website as the source instead of the actual malicious site.

This misrepresentation could trick users into believing the action is safe, potentially exposing them to phishing attacks or unknowingly downloading harmful files.

Affected Versions

The vulnerability affects Brave Desktop Browser versions between 1.70.117 and before 1.74.48. Specifically:

  • Affected: Versions from 1.70.117 to 1.73.x.
  • Unaffected: Versions prior to 1.70.117 or starting from 1.74.48.

Brave has already released an update (version 1.74.48 and newer) to address this issue, ensuring that the origin inference for file selectors functions correctly.

Brave Software acted swiftly upon identifying the vulnerability. The company has advised users to immediately update their browsers to the latest version (1.74.48 or newer) to mitigate the risk.

Users can verify their version by navigating to the browser’s settings menu under “About Brave.”

  1. Update Your Browser: If you are using Brave Desktop Browser, ensure your software is upgraded to version 1.74.48 or newer.
  2. Exercise Caution: Be wary of unexpected download prompts, even from sites that appear trusted.
  3. Report Suspicious Activity: If you encounter questionable behavior, report it to Brave’s security team or trusted cybersecurity professionals.

As the cybersecurity landscape continues to evolve, users are reminded to stay vigilant and maintain up-to-date software to protect against emerging threats.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

1 day ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

1 day ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

1 day ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

1 day ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

1 day ago

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of unauthorized…

1 day ago