Brave


Products by Brave Sorted by Most Security Vulnerabilities since 2018

Brave: 15 vulnerabilities

Brave Browser: 7 vulnerabilities

Brave Adblock Lists: 1 vulnerability

Brave Popup Builder: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Brave. Last year, in 2025, Brave had 3 security vulnerabilities published. Right now, Brave is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 3 9.45
2024 1 0.00
2023 4 5.65
2022 4 6.20
2021 4 5.95
2020 1 0.00
2019 0 0.00
2018 3 4.30

It may take a day or so for new Brave vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Brave Security Vulnerabilities

CVE-2025-68508 (Dec 24, 2025): Brave Browser <0.8.3 Missing Auth in brave-popup-builder
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brave: from n/a through <= 0.8.3.
Products: Brave, Browser

CVE-2025-48980 (Oct 30, 2025): SameSite Cookie Bypass in Brave <1.83.10 Split View
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
Products: Browser

CVE-2025-7710 (Aug 02, 2025): Auth Bypass in WP Brave Conversion Engine PRO <=0.7.7
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.
Products: Brave

CVE-2024-35655 (Jun 04, 2024): Brave Popup Builder <0.6.9 Stored XSS via Improper Input Neutralization
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave brave-popup-builder allows DOM-Based XSS. This issue affects Brave: from n/a through <= 0.6.9.
Products: Brave Popup Builder

CVE-2023-52263 (Dec 30, 2023): Brave Browser <=1.59.39: WebUI Factory Schema Flaw
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
Products: Browser

CVE-2023-28364 (Jul 01, 2023): Brave Android QR Scanner Open Redirect (<1.52.117)
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
Products: Browser

CVE-2023-28360 (May 11, 2023): Brave Browser <1.48.171 - Omitted Download Safety Dialog
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.
Products: Brave

CVE-2023-22798 (Feb 09, 2023): Brave Redirect Debounce Removal Enables Open Redirects
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.
Products: Adblock Lists

CVE-2022-47933 (Dec 24, 2022): Brave Browser IPFS DoS before 1.42.51
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc.
Products: Brave

CVE-2022-47932 (Dec 24, 2022): Brave Browser 1.43.34 DoS via ipfs:// in HTML
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.
Products: Brave, Browser
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).