CVE-2021-22916 Information

Description

In Brave Desktop between versions 1.17 and 1.26.60 when adblocking is enabled and a proxy browser extension is installed the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension’s proxy settings resulting in possible information disclosure.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://hackerone.com/reports/1203842

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9