Skip to content

Latest commit

 

History

History
113 lines (112 loc) · 14.9 KB

TOPBRAVESOFTWARE.md

File metadata and controls

113 lines (112 loc) · 14.9 KB
Raw

Top reports from Brave Software program at HackerOne:

  1. Brave Browser Tor Window leaks user's real IP to the external DNS server to Brave Software - 276 upvotes, $0
  2. Open redirect due to scanning QR code via brave browser to Brave Software - 136 upvotes, $0
  3. Stored XSS in localhost:* via integrated torrent downloader to Brave Software - 122 upvotes, $0
  4. Cookie steal through content Uri to Brave Software - 76 upvotes, $500
  5. Local files reading from the web using brave:// to Brave Software - 74 upvotes, $0
  6. New XSS vector in ReaderMode with %READER-TITLE-NONCE% to Brave Software - 70 upvotes, $1000
  7. UXss on brave browser via scan QR Code to Brave Software - 63 upvotes, $500
  8. Sending arbitrary IPC messages via overriding Function.prototype.apply to Brave Software - 52 upvotes, $5300
  9. Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass to Brave Software - 52 upvotes, $0
  10. DNS Leaks when using any VPN Browser extension with Brave Shield enabled to Brave Software - 51 upvotes, $0
  11. chrome://brave available for navigation in Release build [-> RCE] + navigation to chrome://* using tab_helper ["Open in new tab"] to Brave Software - 46 upvotes, $0
  12. Local files reading using link[rel="import"] to Brave Software - 43 upvotes, $0
  13. Browser is not following proper flow for redirection cause open redirect to Brave Software - 41 upvotes, $500
  14. [Android] HTML Injection in BatterySaveArticleRenderer WebView to Brave Software - 41 upvotes, $150
  15. Information disclosure-Referer leak to Brave Software - 40 upvotes, $500
  16. Onion-Location header allows to open arbitrary URLs including chrome: to Brave Software - 37 upvotes, $400
  17. UAF on JSEthereumProvider to Brave Software - 36 upvotes, $3000
  18. download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled to Brave Software - 30 upvotes, $500
  19. [iOS/Android] Address Bar Spoofing Vulnerability to Brave Software - 30 upvotes, $200
  20. Brave Android: Incorrect URL Eliding in Brave Shields Pop Up to Brave Software - 30 upvotes, $100
  21. HTML injection in title of reader view to Brave Software - 29 upvotes, $300
  22. Universal XSS with Playlist feature to Brave Software - 25 upvotes, $750
  23. Navigation to protocol handler URL from the opened page displayed as a request from this page. to Brave Software - 25 upvotes, $0
  24. Local files reading from the "file://" origin through brave:// to Brave Software - 24 upvotes, $0
  25. XSS on Brave Today through custom RSS feed to Brave Software - 23 upvotes, $500
  26. chrome://brave navigation from web to Brave Software - 21 upvotes, $650
  27. URL Spoof / Brave Shield Bypass to Brave Software - 21 upvotes, $200
  28. S3 Bucket Takeover "brave-browser-rpm-staging-release-test" to Brave Software - 21 upvotes, $0
  29. DMARC RECORD MISSING to Brave Software - 20 upvotes, $0
  30. Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log to Brave Software - 19 upvotes, $400
  31. Open redirect found on account.brave.com to Brave Software - 19 upvotes, $0
  32. https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529 to Brave Software - 18 upvotes, $0
  33. RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $0
  34. Username Information Disclosure via Json response - Using parameter number Intruder to Brave Software - 16 upvotes, $0
  35. No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org to Brave Software - 16 upvotes, $0
  36. Homograph Attack Bypass [ Tested on Linux & Windows ] to Brave Software - 15 upvotes, $0
  37. Bypassing Homograph Attack Using /@ [ Tested On Windows ] to Brave Software - 15 upvotes, $0
  38. Arbitrary file download due to bad handling of Redirects in WebTorrent to Brave Software - 15 upvotes, $0
  39. Homograph attack to Brave Software - 14 upvotes, $0
  40. URL spoofing in Brave for macOS to Brave Software - 14 upvotes, $0
  41. Universal XSS through FIDO U2F register from subframe to Brave Software - 13 upvotes, $1000
  42. Persistent user tracking is possible using window.caches, by avoiding Brave Shields to Brave Software - 13 upvotes, $400
  43. Access to local file system using javascript to Brave Software - 13 upvotes, $100
  44. unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software to Brave Software - 13 upvotes, $50
  45. [ios] Address bar spoofing in Brave for iOS to Brave Software - 13 upvotes, $0
  46. Redirecting users to malicious torrent-files/websites using WebTorrent to Brave Software - 13 upvotes, $0
  47. S3 Bucket Takeover : brave-apt to Brave Software - 13 upvotes, $0
  48. chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
  49. Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS to Brave Software - 12 upvotes, $0
  50. HTTP Request Smuggling to Brave Software - 12 upvotes, $0
  51. Download attribute allows downloading local files to Brave Software - 11 upvotes, $100
  52. Unsafe handling of protocol handlers to Brave Software - 11 upvotes, $0
  53. Navigation to chrome-extension:// origin (internal pages) from the web to Brave Software - 11 upvotes, $0
  54. Navigation to restricted origins via "Open in new tab" to Brave Software - 11 upvotes, $0
  55. Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS to Brave Software - 11 upvotes, $0
  56. Security token and handler name leak from window.braveBlockRequests to Brave Software - 10 upvotes, $700
  57. Brave News feeds can open arbitrary chrome: URLs to Brave Software - 10 upvotes, $600
  58. application/x-brave-tab should not be readable. to Brave Software - 10 upvotes, $250
  59. Cross-origin page stays focused before/after downloading + uninformative modal window for download to Brave Software - 10 upvotes, $0
  60. Brave Browser unexpectedly allows to send arbitrary IPC messages to Brave Software - 9 upvotes, $300
  61. Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname to Brave Software - 9 upvotes, $250
  62. Torrent Viewer extension web service available on all interfaces to Brave Software - 9 upvotes, $200
  63. [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html to Brave Software - 9 upvotes, $50
  64. [DOS] Browser hangs on loading the code snippet to Brave Software - 9 upvotes, $25
  65. URL spoofing using protocol handlers to Brave Software - 9 upvotes, $0
  66. [Brave browser] WebTorrent has DNS rebinding vulnerability to Brave Software - 9 upvotes, $0
  67. Field Day With Protocol Handlers to Brave Software - 8 upvotes, $150
  68. Address Bar Spoofing - Already resolved - Retroactive report to Brave Software - 8 upvotes, $0
  69. Status Bar Obfuscation to Brave Software - 8 upvotes, $0
  70. Command Execution because of extension handling to Brave Software - 8 upvotes, $0
  71. DoS in Brave browser for iOS to Brave Software - 8 upvotes, $0
  72. There is vulnebility Click Here TO fix to Brave Software - 8 upvotes, $0
  73. Brave Shield for iOS is weak against IDN homograph attacks to Brave Software - 7 upvotes, $150
  74. URI Obfuscation to Brave Software - 7 upvotes, $0
  75. 2 Directory Listing on ledger.brave.com & vault-staging.brave.com to Brave Software - 7 upvotes, $0
  76. XSS on internal: privileged origin through reader mode to Brave Software - 6 upvotes, $500
  77. OS username disclosure to Brave Software - 6 upvotes, $100
  78. Brave Browser potentially logs the last time a Tor window was used to Brave Software - 6 upvotes, $100
  79. [DOS] denial of service using code snippet on brave browser to Brave Software - 6 upvotes, $25
  80. Subdomain Takeover of Brave.com to Brave Software - 6 upvotes, $0
  81. [iOS] URL can be replaceState by blob URL in iOS Brave to Brave Software - 6 upvotes, $0
  82. Sending arbitrary IPC messages via overriding Array.prototype.push to Brave Software - 6 upvotes, $0
  83. alert() dialogs on chrome-extension:// origin (internal pages) to Brave Software - 6 upvotes, $0
  84. Denial of service attack on Brave Browser. to Brave Software - 5 upvotes, $0
  85. invalid homepage URL causes 'uncaught typeerror' or blank state to Brave Software - 5 upvotes, $0
  86. Address bar spoofing in Brave browser via. window close warnings to Brave Software - 5 upvotes, $0
  87. settingcontent-ms files lacks "mark of the web" => execute code by dbl click in Downloads toolbar to Brave Software - 5 upvotes, $0
  88. JavaScript URL Issues in the latest version of Brave Browser to Brave Software - 4 upvotes, $0
  89. Javascript confirm() crashes Brave on PC to Brave Software - 4 upvotes, $0
  90. links the user may download can be a malicious files to Brave Software - 4 upvotes, $0
  91. Directory Listing on https://promo-services-staging.brave.com to Brave Software - 4 upvotes, $0
  92. OPEN REDIRECTION at every 302 HTTP CODE to Brave Software - 4 upvotes, $0
  93. Link obfuscation bug to Brave Software - 4 upvotes, $0
  94. [iOS] URI Obfuscation in iOS application to Brave Software - 3 upvotes, $0
  95. Information disclosure of website to Brave Software - 3 upvotes, $0
  96. No user confirmation when an auto-updated extension gets more permissions to Brave Software - 3 upvotes, $0
  97. UI spoofing by showing sms:/tel: dialog on another website to Brave Software - 2 upvotes, $100
  98. Denial of service attack(window object) on brave browser to Brave Software - 2 upvotes, $0
  99. Brave payments remembers history even after clearing all browser data. to Brave Software - 2 upvotes, $0
  100. Brave: Admin Panel Access to Brave Software - 2 upvotes, $0
  101. Cross domain tracking even with 3rd party cookies disabled. to Brave Software - 2 upvotes, $0
  102. Denial of service(POP UP Recursion) on Brave browser to Brave Software - 1 upvotes, $0
  103. Clickjacking or URL Masking to Brave Software - 1 upvotes, $0
  104. homograph-attack (unicode vuln) to Brave Software - 1 upvotes, $0
  105. Remote Stack Overflow Vulnerability (DoS) to Brave Software - 1 upvotes, $0
  106. Download of (later executed) .NET installer over insecure channel to Brave Software - 1 upvotes, $0
  107. Arbitrary local code execution via DLL hijacking from executable installer to Brave Software - 1 upvotes, $0
  108. Brave allows flash to follow 307 redirects to other origins with arbitrary content-types to Brave Software - 1 upvotes, $0
  109. Cross-origin resource sharing misconfiguration (CORS) to Brave Software - 1 upvotes, $0
  110. Information disclosure to Brave Software - 1 upvotes, $0
  111. DOS in browser using window.print() function to Brave Software - 0 upvotes, $0