CVE-2022-30334

Information Disclosure in Brave Browser < 1.34

Information Disclosure in Brave Browser < 1.34

Information Disclosure in Brave Browser < 1.34

CVE ID
CVE-2022-30334
CVE Link
https://nvd.nist.gov/vuln/detail/CVE-2022-30334
Vendor
Brave
Affected Product & Version
Brave Browser < 1.34
Vulnerability Type
Information Disclosure
CVSS Base Score / CVSS Vector

NVD: 5.3 Medium  / 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

BDO: 5.3 Medium  / 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Author
Patrick Walker
Date
2022-07-05

CVE Details

Description:

Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers.

Usually, URLs inside the TOR network are considered confidential. The Brave browser offers a feature for running “Private Windows with Tor Connectivity” in order to browse the internet as well as the TOR network, privately. Even though this feature is focused on privacy, it still sends Referer and Origin HTTP headers to the target server, when embedding pages inside an iframe. This would leak potentially confidential .onion URLs.

Remediation:

Brave must be updated to the most recent version. In addition, it should be noted that the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."

References:


Timeline

2021-09-12: Vulnerability reported via HackerOne platform

2021-09-16: Vulnerability confirmed by vendor

2021-11-09: Vulnerability has been fixed

2022-05-07: CVE published