Information Disclosure Vulnerability in Brave Desktop's Adblocking Feature

CVE-2021-22916 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

Learn more about our Cis Benchmark Audit For Desktop Software.