Reports in brave software program:

| S.No | Title | Bounty |
|---|---|---|
| 1 | Sending arbitrary IPC messages via overriding Function.prototype.apply | $5300.0 |
| 2 | UAF on JSEthereumProvider | $3000.0 |
| 3 | New XSS vector in ReaderMode with %READER-TITLE-NONCE% | $1000.0 |
| 4 | Universal XSS through FIDO U2F register from subframe | $1000.0 |
| 5 | Universal XSS with Playlist feature | $750.0 |
| 6 | Security token and handler name leak from window.braveBlockRequests | $700.0 |
| 7 | chrome://brave navigation from web | $650.0 |
| 8 | Brave News feeds can open arbitrary chrome: URLs | $600.0 |
| 9 | Cookie steal through content Uri | $500.0 |
| 10 | Information disclosure-Referer leak | $500.0 |
| 11 | Browser is not following proper flow for redirection cause open redirect | $500.0 |
| 12 | UXss on brave browser via scan QR Code | $500.0 |
| 13 | download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled | $500.0 |
| 14 | Open redirect due to scanning QR code via brave browser | $500.0 |
| 15 | XSS on internal: privileged origin through reader mode | $500.0 |
| 16 | XSS on Brave Today through custom RSS feed | $500.0 |
| 17 | Brave Browser permanently timestamps & logs connection times for all v2 domains ~/.config/BraveSoftware/Brave-Browser/tor/data/tor.log | $400.0 |
| 18 | Persistent user tracking is possible using window.caches, by avoiding Brave Shields | $400.0 |
| 19 | Onion-Location header allows to open arbitrary URLs including chrome: | $400.0 |
| 20 | Brave Browser unexpectedly allows to send arbitrary IPC messages | $300.0 |
| 21 | chrome://brave can still be navigated to, leading to RCE | $300.0 |
| 22 | HTML injection in title of reader view | $300.0 |
| 23 | application/x-brave-tab should not be readable. | $250.0 |
| 24 | Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname | $250.0 |
| 25 | [iOS/Android] Address Bar Spoofing Vulnerability | $200.0 |
| 26 | URL Spoof / Brave Shield Bypass | $200.0 |
| 27 | Torrent Viewer extension web service available on all interfaces | $200.0 |
| 28 | [Android] HTML Injection in BatterySaveArticleRenderer WebView | $150.0 |
| 29 | Field Day With Protocol Handlers | $150.0 |
| 30 | Brave Shield for iOS is weak against IDN homograph attacks | $150.0 |
| 31 | Access to local file system using javascript | $100.0 |
| 32 | OS username disclosure | $100.0 |
| 33 | Download attribute allows downloading local files | $100.0 |
| 34 | Brave Browser potentially logs the last time a Tor window was used | $100.0 |
| 35 | UI spoofing by showing sms:/tel: dialog on another website | $100.0 |
| 36 | Brave Android: Incorrect URL Eliding in Brave Shields Pop Up | $100.0 |
| 37 | [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html | $50.0 |
| 38 | unclaimed s3 bucket takeover in the 3 js file located on the github page of brave software | $50.0 |
| 39 | [DOS] denial of service using code snippet on brave browser | $25.0 |
| 40 | [DOS] Browser hangs on loading the code snippet | $25.0 |
| 41 | Address Bar Spoofing - Already resolved - Retroactive report | $0.0 |
| 42 | Subdomain Takeover of Brave.com | $0.0 |
| 43 | Homograph attack | $0.0 |
| 44 | URI Obfuscation | $0.0 |
| 45 | Status Bar Obfuscation | $0.0 |
| 46 | [iOS] URI Obfuscation in iOS application | $0.0 |
| 47 | JavaScript URL Issues in the latest version of Brave Browser | $0.0 |
| 48 | Javascript confirm() crashes Brave on PC | $0.0 |
| 49 | DOS in browser using window.print() function | $0.0 |
| 50 | [ios] Address bar spoofing in Brave for iOS | $0.0 |
| 51 | Denial of service attack(window object) on brave browser | $0.0 |
| 52 | Denial of service(POP UP Recursion) on Brave browser | $0.0 |
| 53 | 2 Directory Listing on ledger.brave.com & vault-staging.brave.com | $0.0 |
| 54 | Information disclosure of website | $0.0 |
| 55 | No user confirmation when an auto-updated extension gets more permissions | $0.0 |
| 56 | Denial of service attack on Brave Browser. | $0.0 |
| 57 | invalid homepage URL causes 'uncaught typeerror' or blank state | $0.0 |
| 58 | [iOS] URL can be replaceState by blob URL in iOS Brave | $0.0 |
| 59 | Address bar spoofing in Brave browser via. window close warnings | $0.0 |
| 60 | links the user may download can be a malicious files | $0.0 |
| 61 | Command Execution because of extension handling | $0.0 |
| 62 | Clickjacking or URL Masking | $0.0 |
| 63 | homograph-attack (unicode vuln) | $0.0 |
| 64 | Remote Stack Overflow Vulnerability (DoS) | $0.0 |
| 65 | Brave payments remembers history even after clearing all browser data. | $0.0 |
| 66 | Brave: Admin Panel Access | $0.0 |
| 67 | Homograph Attack Bypass [ Tested on Linux & Windows ] | $0.0 |
| 68 | Bypassing Homograph Attack Using /@ [ Tested On Windows ] | $0.0 |
| 69 | Directory Listing on https://promo-services-staging.brave.com | $0.0 |
| 70 | Download of (later executed) .NET installer over insecure channel | $0.0 |
| 71 | Arbitrary local code execution via DLL hijacking from executable installer | $0.0 |
| 72 | OPEN REDIRECTION at every 302 HTTP CODE | $0.0 |
| 73 | Cross domain tracking even with 3rd party cookies disabled. | $0.0 |
| 74 | Sending arbitrary IPC messages via overriding Array.prototype.push | $0.0 |
| 75 | DoS in Brave browser for iOS | $0.0 |
| 76 | Navigation to protocol handler URL from the opened page displayed as a request from this page. | $0.0 |
| 77 | Unsafe handling of protocol handlers | $0.0 |
| 78 | Navigation to chrome-extension:// origin (internal pages) from the web | $0.0 |
| 79 | Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS | $0.0 |
| 80 | Local files reading from the web using brave:// | $0.0 |
| 81 | chrome://brave available for navigation in Release build [-> RCE] + navigation to chrome://* using tab_helper ["Open in new tab"] | $0.0 |
| 82 | Local files reading from the "file://" origin through brave:// | $0.0 |
| 83 | Local files reading using link[rel="import"] | $0.0 |
| 84 | URL spoofing in Brave for macOS | $0.0 |
| 85 | URL spoofing using protocol handlers | $0.0 |
| 86 | alert() dialogs on chrome-extension:// origin (internal pages) | $0.0 |
| 87 | Cross-origin page stays focused before/after downloading + uninformative modal window for download | $0.0 |
| 88 | settingcontent-ms files lacks "mark of the web" => execute code by dbl click in Downloads toolbar | $0.0 |
| 89 | Navigation to restricted origins via "Open in new tab" | $0.0 |
| 90 | RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context | $0.0 |
| 91 | Brave allows flash to follow 307 redirects to other origins with arbitrary content-types | $0.0 |
| 92 | DMARC RECORD MISSING | $0.0 |
| 93 | There is vulnebility Click Here TO fix | $0.0 |
| 94 | Link obfuscation bug | $0.0 |
| 95 | Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass | $0.0 |
| 96 | [Brave browser] WebTorrent has DNS rebinding vulnerability | $0.0 |
| 97 | Stored XSS in localhost:* via integrated torrent downloader | $0.0 |
| 98 | HTTP Request Smuggling | $0.0 |
| 99 | Username Information Disclosure via Json response - Using parameter number Intruder | $0.0 |
| 100 | Cross-origin resource sharing misconfiguration (CORS) | $0.0 |
| 101 | No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org | $0.0 |
| 102 | https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529 | $0.0 |
| 103 | Brave Browser Tor Window leaks user's real IP to the external DNS server | $0.0 |
| 104 | DNS Leaks when using any VPN Browser extension with Brave Shield enabled | $0.0 |
| 105 | Information disclosure | $0.0 |
| 106 | Redirecting users to malicious torrent-files/websites using WebTorrent | $0.0 |
| 107 | Arbitrary file download due to bad handling of Redirects in WebTorrent | $0.0 |
| 108 | Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS | $0.0 |
| 109 | Open redirect found on account.brave.com | $0.0 |
| 110 | S3 Bucket Takeover : brave-apt | $0.0 |
| 111 | S3 Bucket Takeover "brave-browser-rpm-staging-release-test" | $0.0 |
| 112 | Tor IP leak caused by the PDF Viewer extension in certain situations | $0.0 |