Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions

BROWSER

15-04-2025 19:44

CVE-2022-47934 Vulnerabilidad documentada

6.5 MEDIUM

Tags

#windows

#brave

#browser

#remote

#fix

#denial

#allow

#attack

Descripción

Brave Browser before 1.43.88 allowed a remote attacker to cause denial of service in private and guest windows via crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by incomplete fix for CVE-2022-47932 CVE-2022-47934.

https://github.com/brave/brave-browser/issues/24211

https://github.com/brave/brave-browser/issues/25106

https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8

https://github.com/brave/brave-core/pull/14313

https://hackerone.com/reports/1646204

https://github.com/brave/brave-browser/issues/24211

https://github.com/brave/brave-browser/issues/25106

https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8

https://github.com/brave/brave-core/pull/14313

https://hackerone.com/reports/1646204

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2022-47934

Resultados similares

Coincidentes en almenos en 50% de los tags

18-04-2025 CVE-2024-45651
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session ...
Ver información

16-04-2025 CVE-2022-31738
When exiting fullscreen mode, an iframe could have confused the browser about the current state...
Ver información