Browser Brave Browser

By the Year

In 2026 there have been 0 vulnerabilities in Brave Browser. Last year, in 2025, Browser had 2 security vulnerabilities published. Right now, Browser is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year  Vulnerabilities  Average Score
2026  0                0.00
2025  2                9.10
2024  0                0.00
2023  2                6.10
2022  1                6.50
2021  1                6.50

It may take a day or so for new Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Brave Browser Security Vulnerabilities

Brave Browser <0.8.3 Missing Auth in brave-popup-builder
CVE-2025-68508 9.1 - Critical - December 24, 2025

Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brave: from n/a through <= 0.8.3.

AuthZ

SameSite Cookie Bypass in Brave <1.83.10 Split View
CVE-2025-48980 - October 30, 2025

In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.

Reliance on Cookies without Validation and Integrity Checking

Brave Browser <=1.59.39: WebUI Factory Schema Flaw
CVE-2023-52263 6.1 - Medium - December 30, 2023

Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.

Open Redirect

Brave Android QR Scanner Open Redirect (<1.52.117)
CVE-2023-28364 6.1 - Medium - July 01, 2023

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.

Open Redirect

Brave Browser <1.43.34 DoS via ipfs:// in HTML
CVE-2022-47932 6.5 - Medium - December 24, 2022

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933.

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
CVE-2021-22917 6.5 - Medium - July 12, 2021

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing
CVE-2016-9473 - March 28, 2017

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

User Interface (UI) Misrepresentation of Critical Information
