Skip to content

Latest commit

 

History

History
112 lines (111 loc) · 14.8 KB

TOPBRAVESOFTWARE.md

File metadata and controls

112 lines (111 loc) · 14.8 KB
Raw

Top reports from Brave Software program at HackerOne:

  1. Brave Browser Tor Window leaks user's real IP to the external DNS server to Brave Software - 276 upvotes, $0
  2. Open redirect due to scanning QR code via brave browser to Brave Software - 134 upvotes, $0
  3. Stored XSS in localhost:* via integrated torrent downloader to Brave Software - 122 upvotes, $0
  4. Cookie steal through content Uri to Brave Software - 76 upvotes, $500
  5. Local files reading from the web using brave:// to Brave Software - 74 upvotes, $5000
  6. New XSS vector in ReaderMode with %READER-TITLE-NONCE% to Brave Software - 70 upvotes, $1000
  7. UXss on brave browser via scan QR Code to Brave Software - 61 upvotes, $500
  8. Sending arbitrary IPC messages via overriding Function.prototype.apply to Brave Software - 52 upvotes, $5300
  9. Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass to Brave Software - 52 upvotes, $50
  10. DNS Leaks when using any VPN Browser extension with Brave Shield enabled to Brave Software - 51 upvotes, $0
  11. chrome://brave available for navigation in Release build [-> RCE] + navigation to chrome://* using tab_helper ["Open in new tab"] to Brave Software - 46 upvotes, $2000
  12. Local files reading using link[rel="import"] to Brave Software - 42 upvotes, $400
  13. Browser is not following proper flow for redirection cause open redirect to Brave Software - 41 upvotes, $500
  14. [Android] HTML Injection in BatterySaveArticleRenderer WebView to Brave Software - 41 upvotes, $150
  15. Information disclosure-Referer leak to Brave Software - 40 upvotes, $500
  16. Onion-Location header allows to open arbitrary URLs including chrome: to Brave Software - 37 upvotes, $400
  17. UAF on JSEthereumProvider to Brave Software - 34 upvotes, $3000
  18. download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled to Brave Software - 30 upvotes, $500
  19. [iOS/Android] Address Bar Spoofing Vulnerability to Brave Software - 30 upvotes, $200
  20. HTML injection in title of reader view to Brave Software - 29 upvotes, $300
  21. Universal XSS with Playlist feature to Brave Software - 25 upvotes, $750
  22. Navigation to protocol handler URL from the opened page displayed as a request from this page. to Brave Software - 25 upvotes, $200
  23. XSS on Brave Today through custom RSS feed to Brave Software - 23 upvotes, $500
  24. Local files reading from the "file://" origin through brave:// to Brave Software - 23 upvotes, $400
  25. chrome://brave navigation from web to Brave Software - 21 upvotes, $650
  26. URL Spoof / Brave Shield Bypass to Brave Software - 21 upvotes, $200
  27. DMARC RECORD MISSING to Brave Software - 20 upvotes, $0
  28. Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log to Brave Software - 19 upvotes, $400
  29. https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529 to Brave Software - 18 upvotes, $100
  30. Open redirect found on account.brave.com to Brave Software - 18 upvotes, $0
  31. S3 Bucket Takeover "brave-browser-rpm-staging-release-test" to Brave Software - 18 upvotes, $0
  32. RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $300
  33. Username Information Disclosure via Json response - Using parameter number Intruder to Brave Software - 16 upvotes, $0
  34. No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org to Brave Software - 16 upvotes, $0
  35. Homograph Attack Bypass [ Tested on Linux & Windows ] to Brave Software - 15 upvotes, $0
  36. Bypassing Homograph Attack Using /@ [ Tested On Windows ] to Brave Software - 15 upvotes, $0
  37. URL spoofing in Brave for macOS to Brave Software - 14 upvotes, $50
  38. Homograph attack to Brave Software - 14 upvotes, $0
  39. Arbitrary file download due to bad handling of Redirects in WebTorrent to Brave Software - 14 upvotes, $0
  40. Universal XSS through FIDO U2F register from subframe to Brave Software - 13 upvotes, $1000
  41. Persistent user tracking is possible using window.caches, by avoiding Brave Shields to Brave Software - 13 upvotes, $400
  42. Access to local file system using javascript to Brave Software - 13 upvotes, $100
  43. [ios] Address bar spoofing in Brave for iOS to Brave Software - 13 upvotes, $0
  44. Redirecting users to malicious torrent-files/websites using WebTorrent to Brave Software - 13 upvotes, $0
  45. chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
  46. unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software to Brave Software - 12 upvotes, $50
  47. Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS to Brave Software - 12 upvotes, $0
  48. HTTP Request Smuggling to Brave Software - 12 upvotes, $0
  49. S3 Bucket Takeover : brave-apt to Brave Software - 12 upvotes, $0
  50. Navigation to chrome-extension:// origin (internal pages) from the web to Brave Software - 11 upvotes, $300
  51. Download attribute allows downloading local files to Brave Software - 11 upvotes, $100
  52. Unsafe handling of protocol handlers to Brave Software - 11 upvotes, $50
  53. Security token and handler name leak from window.braveBlockRequests to Brave Software - 10 upvotes, $700
  54. Brave News feeds can open arbitrary chrome: URLs to Brave Software - 10 upvotes, $600
  55. application/x-brave-tab should not be readable. to Brave Software - 10 upvotes, $250
  56. Cross-origin page stays focused before/after downloading + uninformative modal window for download to Brave Software - 10 upvotes, $50
  57. Navigation to restricted origins via "Open in new tab" to Brave Software - 10 upvotes, $50
  58. Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS to Brave Software - 10 upvotes, $0
  59. Brave Browser unexpectedly allows to send arbitrary IPC messages to Brave Software - 9 upvotes, $300
  60. Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname to Brave Software - 9 upvotes, $250
  61. Torrent Viewer extension web service available on all interfaces to Brave Software - 9 upvotes, $200
  62. URL spoofing using protocol handlers to Brave Software - 9 upvotes, $75
  63. [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html to Brave Software - 9 upvotes, $50
  64. [DOS] Browser hangs on loading the code snippet to Brave Software - 9 upvotes, $25
  65. [Brave browser] WebTorrent has DNS rebinding vulnerability to Brave Software - 9 upvotes, $0
  66. Field Day With Protocol Handlers to Brave Software - 8 upvotes, $150
  67. DoS in Brave browser for iOS to Brave Software - 8 upvotes, $80
  68. Address Bar Spoofing - Already resolved - Retroactive report to Brave Software - 8 upvotes, $0
  69. Status Bar Obfuscation to Brave Software - 8 upvotes, $0
  70. Command Execution because of extension handling to Brave Software - 8 upvotes, $0
  71. There is vulnebility Click Here TO fix to Brave Software - 8 upvotes, $0
  72. Brave Shield for iOS is weak against IDN homograph attacks to Brave Software - 7 upvotes, $150
  73. URI Obfuscation to Brave Software - 7 upvotes, $0
  74. 2 Directory Listing on ledger.brave.com & vault-staging.brave.com to Brave Software - 7 upvotes, $0
  75. XSS on internal: privileged origin through reader mode to Brave Software - 6 upvotes, $500
  76. OS username disclosure to Brave Software - 6 upvotes, $100
  77. Brave Browser potentially logs the last time a Tor window was used to Brave Software - 6 upvotes, $100
  78. [DOS] denial of service using code snippet on brave browser to Brave Software - 6 upvotes, $25
  79. Subdomain Takeover of Brave.com to Brave Software - 6 upvotes, $0
  80. [iOS] URL can be replaceState by blob URL in iOS Brave to Brave Software - 6 upvotes, $0
  81. Sending arbitrary IPC messages via overriding Array.prototype.push to Brave Software - 6 upvotes, $0
  82. alert() dialogs on chrome-extension:// origin (internal pages) to Brave Software - 6 upvotes, $0
  83. Denial of service attack on Brave Browser. to Brave Software - 5 upvotes, $0
  84. invalid homepage URL causes 'uncaught typeerror' or blank state to Brave Software - 5 upvotes, $0
  85. Address bar spoofing in Brave browser via. window close warnings to Brave Software - 5 upvotes, $0
  86. settingcontent-ms files lacks "mark of the web" => execute code by dbl click in Downloads toolbar to Brave Software - 5 upvotes, $0
  87. JavaScript URL Issues in the latest version of Brave Browser to Brave Software - 4 upvotes, $0
  88. Javascript confirm() crashes Brave on PC to Brave Software - 4 upvotes, $0
  89. links the user may download can be a malicious files to Brave Software - 4 upvotes, $0
  90. Directory Listing on https://promo-services-staging.brave.com to Brave Software - 4 upvotes, $0
  91. OPEN REDIRECTION at every 302 HTTP CODE to Brave Software - 4 upvotes, $0
  92. Link obfuscation bug to Brave Software - 4 upvotes, $0
  93. [iOS] URI Obfuscation in iOS application to Brave Software - 3 upvotes, $0
  94. Information disclosure of website to Brave Software - 3 upvotes, $0
  95. No user confirmation when an auto-updated extension gets more permissions to Brave Software - 3 upvotes, $0
  96. UI spoofing by showing sms:/tel: dialog on another website to Brave Software - 2 upvotes, $100
  97. Denial of service attack(window object) on brave browser to Brave Software - 2 upvotes, $0
  98. Brave payments remembers history even after clearing all browser data. to Brave Software - 2 upvotes, $0
  99. Brave: Admin Panel Access to Brave Software - 2 upvotes, $0
  100. Cross domain tracking even with 3rd party cookies disabled. to Brave Software - 2 upvotes, $0
  101. Denial of service(POP UP Recursion) on Brave browser to Brave Software - 1 upvotes, $0
  102. Clickjacking or URL Masking to Brave Software - 1 upvotes, $0
  103. homograph-attack (unicode vuln) to Brave Software - 1 upvotes, $0
  104. Remote Stack Overflow Vulnerability (DoS) to Brave Software - 1 upvotes, $0
  105. Download of (later executed) .NET installer over insecure channel to Brave Software - 1 upvotes, $0
  106. Arbitrary local code execution via DLL hijacking from executable installer to Brave Software - 1 upvotes, $0
  107. Brave allows flash to follow 307 redirects to other origins with arbitrary content-types to Brave Software - 1 upvotes, $0
  108. Information disclosure to Brave Software - 1 upvotes, $0
  109. DOS in browser using window.print() function to Brave Software - 0 upvotes, $0
  110. Cross-origin resource sharing misconfiguration (CORS) to Brave Software - 0 upvotes, $0