CVE-2021-22916

Summary

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/brave/brave-coreFixed in 1.26.60affected

Weaknesses

  • CWE-200: Information Disclosure (CWE-200)

ADP Enrichment

CVE Program Container

Additional References

References