Skip to content

Latest commit

 

History

History
111 lines (110 loc) · 14.7 KB

TOPBRAVESOFTWARE.md

File metadata and controls

111 lines (110 loc) · 14.7 KB
Raw

Top reports from Brave Software program at HackerOne:

  1. Brave Browser Tor Window leaks user's real IP to the external DNS server to Brave Software - 277 upvotes, $1000
  2. Stored XSS in localhost:* via integrated torrent downloader to Brave Software - 121 upvotes, $0
  3. Open redirect due to scanning QR code via brave browser to Brave Software - 108 upvotes, $500
  4. Cookie steal through content Uri to Brave Software - 75 upvotes, $500
  5. Local files reading from the web using brave:// to Brave Software - 74 upvotes, $5000
  6. UXss on brave browser via scan QR Code to Brave Software - 57 upvotes, $500
  7. New XSS vector in ReaderMode with %READER-TITLE-NONCE% to Brave Software - 56 upvotes, $1000
  8. Sending arbitrary IPC messages via overriding Function.prototype.apply to Brave Software - 52 upvotes, $5300
  9. Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass to Brave Software - 52 upvotes, $50
  10. DNS Leaks when using any VPN Browser extension with Brave Shield enabled to Brave Software - 51 upvotes, $700
  11. chrome://brave available for navigation in Release build [-> RCE] + navigation to chrome://* using tab_helper ["Open in new tab"] to Brave Software - 46 upvotes, $2000
  12. Local files reading using link[rel="import"] to Brave Software - 42 upvotes, $400
  13. [Android] HTML Injection in BatterySaveArticleRenderer WebView to Brave Software - 41 upvotes, $150
  14. Information disclosure-Referer leak to Brave Software - 39 upvotes, $500
  15. Browser is not following proper flow for redirection cause open redirect to Brave Software - 39 upvotes, $500
  16. Onion-Location header allows to open arbitrary URLs including chrome: to Brave Software - 33 upvotes, $400
  17. [iOS/Android] Address Bar Spoofing Vulnerability to Brave Software - 30 upvotes, $200
  18. download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled to Brave Software - 27 upvotes, $500
  19. Navigation to protocol handler URL from the opened page displayed as a request from this page. to Brave Software - 25 upvotes, $200
  20. HTML injection in title of reader view to Brave Software - 24 upvotes, $300
  21. Local files reading from the "file://" origin through brave:// to Brave Software - 23 upvotes, $400
  22. chrome://brave navigation from web to Brave Software - 21 upvotes, $650
  23. URL Spoof / Brave Shield Bypass to Brave Software - 21 upvotes, $200
  24. Universal XSS with Playlist feature to Brave Software - 20 upvotes, $750
  25. XSS on Brave Today through custom RSS feed to Brave Software - 20 upvotes, $500
  26. DMARC RECORD MISSING to Brave Software - 20 upvotes, $50
  27. Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log to Brave Software - 19 upvotes, $400
  28. https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529 to Brave Software - 18 upvotes, $100
  29. RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context to Brave Software - 16 upvotes, $300
  30. Open redirect found on account.brave.com to Brave Software - 16 upvotes, $300
  31. Username Information Disclosure via Json response - Using parameter number Intruder to Brave Software - 16 upvotes, $0
  32. Homograph Attack Bypass [ Tested on Linux & Windows ] to Brave Software - 15 upvotes, $100
  33. Bypassing Homograph Attack Using /@ [ Tested On Windows ] to Brave Software - 15 upvotes, $50
  34. No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org to Brave Software - 15 upvotes, $50
  35. S3 Bucket Takeover "brave-browser-rpm-staging-release-test" to Brave Software - 14 upvotes, $300
  36. Homograph attack to Brave Software - 14 upvotes, $100
  37. URL spoofing in Brave for macOS to Brave Software - 14 upvotes, $50
  38. Arbitrary file download due to bad handling of Redirects in WebTorrent to Brave Software - 13 upvotes, $150
  39. Access to local file system using javascript to Brave Software - 13 upvotes, $100
  40. [ios] Address bar spoofing in Brave for iOS to Brave Software - 13 upvotes, $50
  41. chrome://brave can still be navigated to, leading to RCE to Brave Software - 12 upvotes, $300
  42. Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS to Brave Software - 12 upvotes, $0
  43. HTTP Request Smuggling to Brave Software - 12 upvotes, $0
  44. Navigation to chrome-extension:// origin (internal pages) from the web to Brave Software - 11 upvotes, $300
  45. Redirecting users to malicious torrent-files/websites using WebTorrent to Brave Software - 11 upvotes, $200
  46. Download attribute allows downloading local files to Brave Software - 11 upvotes, $100
  47. Unsafe handling of protocol handlers to Brave Software - 11 upvotes, $50
  48. unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software to Brave Software - 11 upvotes, $50
  49. Persistent user tracking is possible using window.caches, by avoiding Brave Shields to Brave Software - 10 upvotes, $400
  50. application/x-brave-tab should not be readable. to Brave Software - 10 upvotes, $250
  51. Cross-origin page stays focused before/after downloading + uninformative modal window for download to Brave Software - 10 upvotes, $50
  52. Navigation to restricted origins via "Open in new tab" to Brave Software - 10 upvotes, $50
  53. Universal XSS through FIDO U2F register from subframe to Brave Software - 9 upvotes, $1000
  54. Brave Browser unexpectedly allows to send arbitrary IPC messages to Brave Software - 9 upvotes, $300
  55. Torrent Viewer extension web service available on all interfaces to Brave Software - 9 upvotes, $200
  56. Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS to Brave Software - 9 upvotes, $200
  57. [Brave browser] WebTorrent has DNS rebinding vulnerability to Brave Software - 9 upvotes, $100
  58. URL spoofing using protocol handlers to Brave Software - 9 upvotes, $75
  59. [DOS] Browser hangs on loading the code snippet to Brave Software - 9 upvotes, $25
  60. Security token and handler name leak from window.braveBlockRequests to Brave Software - 8 upvotes, $700
  61. Field Day With Protocol Handlers to Brave Software - 8 upvotes, $150
  62. Address Bar Spoofing - Already resolved - Retroactive report to Brave Software - 8 upvotes, $100
  63. DoS in Brave browser for iOS to Brave Software - 8 upvotes, $80
  64. [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html to Brave Software - 8 upvotes, $50
  65. Status Bar Obfuscation to Brave Software - 8 upvotes, $0
  66. Command Execution because of extension handling to Brave Software - 8 upvotes, $0
  67. There is vulnebility Click Here TO fix to Brave Software - 8 upvotes, $0
  68. Brave News feeds can open arbitrary chrome: URLs to Brave Software - 7 upvotes, $600
  69. S3 Bucket Takeover : brave-apt to Brave Software - 7 upvotes, $250
  70. Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname to Brave Software - 7 upvotes, $250
  71. URI Obfuscation to Brave Software - 7 upvotes, $150
  72. 2 Directory Listing on ledger.brave.com & vault-staging.brave.com to Brave Software - 7 upvotes, $50
  73. Brave Shield for iOS is weak against IDN homograph attacks to Brave Software - 6 upvotes, $150
  74. [iOS] URL can be replaceState by blob URL in iOS Brave to Brave Software - 6 upvotes, $100
  75. OS username disclosure to Brave Software - 6 upvotes, $100
  76. Brave Browser potentially logs the last time a Tor window was used to Brave Software - 6 upvotes, $100
  77. [DOS] denial of service using code snippet on brave browser to Brave Software - 6 upvotes, $25
  78. Subdomain Takeover of Brave.com to Brave Software - 6 upvotes, $0
  79. Sending arbitrary IPC messages via overriding Array.prototype.push to Brave Software - 6 upvotes, $0
  80. alert() dialogs on chrome-extension:// origin (internal pages) to Brave Software - 6 upvotes, $0
  81. Denial of service attack on Brave Browser. to Brave Software - 5 upvotes, $50
  82. invalid homepage URL causes 'uncaught typeerror' or blank state to Brave Software - 5 upvotes, $0
  83. Address bar spoofing in Brave browser via. window close warnings to Brave Software - 5 upvotes, $0
  84. settingcontent-ms files lacks "mark of the web" => execute code by dbl click in Downloads toolbar to Brave Software - 5 upvotes, $0
  85. XSS on internal: privileged origin through reader mode to Brave Software - 4 upvotes, $500
  86. JavaScript URL Issues in the latest version of Brave Browser to Brave Software - 4 upvotes, $0
  87. Javascript confirm() crashes Brave on PC to Brave Software - 4 upvotes, $0
  88. Directory Listing on https://promo-services-staging.brave.com to Brave Software - 4 upvotes, $0
  89. Link obfuscation bug to Brave Software - 4 upvotes, $0
  90. [iOS] URI Obfuscation in iOS application to Brave Software - 3 upvotes, $0
  91. Information disclosure of website to Brave Software - 3 upvotes, $0
  92. No user confirmation when an auto-updated extension gets more permissions to Brave Software - 3 upvotes, $0
  93. links the user may download can be a malicious files to Brave Software - 3 upvotes, $0
  94. OPEN REDIRECTION at every 302 HTTP CODE to Brave Software - 3 upvotes, $0
  95. Denial of service attack(window object) on brave browser to Brave Software - 2 upvotes, $100
  96. UI spoofing by showing sms:/tel: dialog on another website to Brave Software - 2 upvotes, $100
  97. Brave payments remembers history even after clearing all browser data. to Brave Software - 2 upvotes, $0
  98. Brave: Admin Panel Access to Brave Software - 2 upvotes, $0
  99. Cross domain tracking even with 3rd party cookies disabled. to Brave Software - 2 upvotes, $0
  100. Clickjacking or URL Masking to Brave Software - 1 upvotes, $0
  101. homograph-attack (unicode vuln) to Brave Software - 1 upvotes, $0
  102. Remote Stack Overflow Vulnerability (DoS) to Brave Software - 1 upvotes, $0
  103. Download of (later executed) .NET installer over insecure channel to Brave Software - 1 upvotes, $0
  104. Arbitrary local code execution via DLL hijacking from executable installer to Brave Software - 1 upvotes, $0
  105. Information disclosure to Brave Software - 1 upvotes, $0
  106. DOS in browser using window.print() function to Brave Software - 0 upvotes, $0
  107. Denial of service(POP UP Recursion) on Brave browser to Brave Software - 0 upvotes, $0
  108. Brave allows flash to follow 307 redirects to other origins with arbitrary content-types to Brave Software - 0 upvotes, $0
  109. Cross-origin resource sharing misconfiguration (CORS) to Brave Software - 0 upvotes, $0