Cyber Security News
sysops

A recently identified vulnerability in the Brave browser has raised significant security concerns for its users. The issue, tracked as CVE-2025-23086, affects desktop versions of Brave from 1.70.x to 1.73.x. 

It involves a flaw in how the browser displays the origin of a site in the file selector dialog during file upload or download prompts. 

This vulnerability could allow malicious websites to pose as trusted domains, potentially deceiving users into downloading harmful files.

Overview of the Vulnerability

The vulnerability stems from Brave’s feature that displays the origin of a site in the operating system’s file selector dialog. 

This feature is intended to enhance user awareness of a site’s legitimacy when interacting with file uploads or downloads. However, in certain scenarios, the origin was not correctly inferred.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free

When combined with an open redirect vulnerability on a trusted site, attackers could exploit this flaw to make a malicious site appear as though it originated from the trusted domain in the file selector dialog.

An open redirect vulnerability occurs when a legitimate website allows user-controlled input to redirect users to external URLs without sufficient validation. 

By chaining this with Brave’s origin misrepresentation issue, attackers can craft scenarios where users unknowingly interact with malicious sites disguised as trustworthy ones.

This vulnerability significantly undermines user trust and security by enabling phishing attacks and malware distribution. Users could be tricked into downloading files or sharing sensitive information under the assumption they are interacting with a legitimate site.

The vulnerability was disclosed to Brave Software by the bug hunter, Syarif Muhammad Sajjad. 

Affected Versions

Vulnerable: Brave Desktop Browser versions up to 1.74.47.

Fixed: Version 1.74.48 and later.

Brave Software has addressed this issue in version 1.74.48 by correcting how site origins are displayed in file selector dialogs and improving validation mechanisms for open redirects. 

Users are advised to remain cautious when downloading files, even from seemingly trusted sources, and to always verify the authenticity of download prompts and file origins. 

Enabling automatic updates for Brave Browser can help ensure timely protection against newly discovered vulnerabilities.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Related Posts

Researchers have identified fourteen new vulnerabilities in DrayTek Vigor routers, including a critical remote code execution flaw rated 10 out…

A critical security vulnerability in Docker Engine has been discovered, potentially allowing attackers to bypass authentication and gain unauthorized access…

Trend Micro has issued an urgent security bulletin warning users of a critical vulnerability in its Cloud Edge appliance that…