Threat Advisory

Brave Browser Vulnerability Exposes Users to Phishing and Malware Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium


EXECUTIVE SUMMARY:

A vulnerability in the Brave browser, tracked as CVE-2025-23086, affects desktop versions of the browser. The flaw lies in how Brave displays a site's origin in the file selector dialog shown during file upload or download prompts, so that the origin can be misrepresented. By combining this issue with an open redirect vulnerability, attackers can deceive users into interacting with malicious websites disguised as trusted domains. This opens the door to phishing and malware distribution, as users may unknowingly download harmful files or share sensitive information. Brave Software has addressed the issue in a fixed release by correcting the origin display and improving validation mechanisms for open redirects. Users are urged to update their browsers to the latest version and to remain vigilant when interacting with download prompts. Organizations using Brave in enterprise environments should deploy the patched version promptly to mitigate potential security risks. Additionally, users should be cautious of unexpected download prompts, even from seemingly legitimate sources.
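As an added illustration (not from the advisory and not Brave's own code), the following server-side check addresses the open-redirect half of the chain described above: a site that forwards users only to its own origin or to an allow-listed host gives an attacker nothing to chain with. The host names and URLs are constructed for the example.

```python
from typing import Optional
from urllib.parse import urljoin, urlsplit, urlunsplit

# Hosts a redirect endpoint may send users to (constructed allow-list for this
# example; a real site substitutes its own trusted hosts).
ALLOWED_HOSTS = {"www.example-bank.test", "login.example-bank.test"}


def safe_redirect_target(raw_target: str,
                         site_origin: str = "https://www.example-bank.test") -> Optional[str]:
    """Return an absolute URL to redirect to, or None if the target must be refused.

    The target is resolved against the site's own origin first, so relative paths
    stay on-site while absolute and protocol-relative targets keep their own host,
    which the allow-list check then decides on.
    """
    if not raw_target or len(raw_target) > 2048:
        return None
    # Browsers normalise backslashes and control characters in ways that differ
    # from urllib; refuse them rather than guess how a client will parse them.
    if any(ch in raw_target for ch in "\\\r\n\t\x00"):
        return None
    resolved = urljoin(site_origin, raw_target.strip())
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return None  # data:, file: and other non-web schemes are never redirect targets
    if parts.username is not None or parts.password is not None:
        return None  # userinfo such as "https://trusted-host@other-host/" is refused
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:  # exact match: "trusted.test.other.test" is not trusted
        return None
    # Rebuild without the fragment so the URL handed back is exactly what was checked.
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    for candidate in ("/account/settings", "//attacker.test/login",
                      "https://www.example-bank.test@attacker.test/"):
        print(repr(candidate), "->", safe_redirect_target(candidate))
```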


RECOMMENDATION:

We strongly recommend you update Brave Browser to version 1.74.50.

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/brave-browser-vulnerability-malicious-website/
