Information Disclosure in Brave Browser < 1.34
CVE ID | CVE-2022-30334
CVE Link | https://nvd.nist.gov/vuln/detail/CVE-2022-30334
Vendor | Brave
Affected Product & Version | Brave Browser < 1.34
Vulnerability Type | Information Disclosure
CVSS Base Score / CVSS Vector | NVD: 5.3 Medium / BDO: 5.3 Medium /
Author | Patrick Walker
Date | 2022-07-05
CVE Details
Description:
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers.
URLs inside the Tor network are usually considered confidential. The Brave browser offers a feature for running “Private Windows with Tor Connectivity” in order to browse the internet as well as the Tor network privately. Even though this feature is focused on privacy, it still sends Referer and Origin HTTP headers to the target server when embedding pages inside an iframe. This would leak potentially confidential .onion URLs.
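One way to check captured request headers for the leak described above, as an added example that is not part of the original advisory or of Brave's code: `findOnionLeaks` flags Referer and Origin headers that carry a .onion origin to a different origin, and `scrubOnionHeaders` applies an assumed stripping policy. The function names, the policy and the sample hostnames are constructed for illustration.

```javascript
const SENSITIVE = ['referer', 'origin'];

function parseOrigin(value) {
  try {
    const u = new URL(value);
    return { origin: u.origin, host: u.hostname.toLowerCase().replace(/\.$/, '') };
  } catch {
    return null; // "null", empty or malformed header values carry no URL
  }
}

const isOnion = (host) => host === 'onion' || host.endsWith('.onion');

// Report each Referer/Origin header that exposes a .onion origin to another origin.
function findOnionLeaks(requests) {
  const leaks = [];
  for (const req of requests) {
    const target = parseOrigin(req.url);
    for (const [name, value] of Object.entries(req.headers)) {
      const header = name.toLowerCase();
      const source = SENSITIVE.includes(header) ? parseOrigin(value) : null;
      if (source && isOnion(source.host) && (!target || source.origin !== target.origin)) {
        leaks.push({ url: req.url, header, value });
      }
    }
  }
  return leaks;
}

// Assumed policy (not taken from Brave's patch): drop Referer, send Origin as "null".
function scrubOnionHeaders(req) {
  const leaking = new Set(findOnionLeaks([req]).map((l) => l.header));
  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    const header = name.toLowerCase();
    if (!leaking.has(header)) headers[name] = value;
    else if (header === 'origin') headers[name] = 'null';
  }
  return { url: req.url, headers };
}

// Constructed sample capture; hostnames are placeholders.
const ONION = 'http://exampleonionaddress.onion';
const SAMPLE_REQUESTS = [
  { url: 'https://frames.example/embed.html', headers: { Referer: `${ONION}/private/page` } },
  { url: 'https://api.example/submit', headers: { Origin: ONION, Accept: '*/*' } },
  { url: `${ONION}/style.css`, headers: { Referer: `${ONION}/private/page` } },
  { url: 'https://cdn.example/lib.js', headers: { Referer: 'https://news.example/' } },
];
```

Same-origin requests within the .onion site keep their headers; only cross-origin requests are flagged or scrubbed.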
Remediation:
Brave must be updated to the most recent version. In addition, it should be noted that the Brave documentation still advises: "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
References:
- https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity
- https://github.com/brave/brave-browser/issues/18071
- https://github.com/brave/brave-core/pull/10760
- https://hackerone.com/reports/1337624
Timeline
2021-09-12: Vulnerability reported via HackerOne platform
2021-09-16: Vulnerability confirmed by vendor
2021-11-09: Vulnerability has been fixed
2022-05-07: CVE published