Refine your search
2 vulnerabilities found for Desktop Browser by Brave
CVE-2025-48980 (GCVE-0-2025-48980)
Vulnerability from nvd
Published
2025-10-30 23:29
Modified
2025-12-01 20:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brave | Desktop Browser |
Version: 1.83.10 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:47:46.566526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T20:22:29.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Desktop Browser",
"vendor": "Brave",
"versions": [
{
"lessThan": "1.83.10",
"status": "affected",
"version": "1.83.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the \"Open Link in Split View\" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:29:44.075Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3253725"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48980",
"datePublished": "2025-10-30T23:29:44.075Z",
"dateReserved": "2025-05-29T15:00:04.773Z",
"dateUpdated": "2025-12-01T20:22:29.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48980 (GCVE-0-2025-48980)
Vulnerability from cvelistv5
Published
2025-10-30 23:29
Modified
2025-12-01 20:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brave | Desktop Browser |
Version: 1.83.10 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T14:47:46.566526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T20:22:29.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Desktop Browser",
"vendor": "Brave",
"versions": [
{
"lessThan": "1.83.10",
"status": "affected",
"version": "1.83.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the \"Open Link in Split View\" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T23:29:44.075Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/3253725"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2025-48980",
"datePublished": "2025-10-30T23:29:44.075Z",
"dateReserved": "2025-05-29T15:00:04.773Z",
"dateUpdated": "2025-12-01T20:22:29.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}