Critical secruity issues?

Mr_Lex · October 16, 2020, 2:46pm

Issue
Hello everyone. I do have found an issue, or mulitple potential secruity issues.
I tested brave nightly at https://browseraudit.com/
and the nightly throw out multiple issues. One seems to be known “Cookie set by Javascript should not be send over HTTP” but i found two sheme missmatches. I am not that familiar with this kind of stuff, but maybe it will help out building a safer browser?
screenshot

Expected result:
No critical erros

Reproduces how often:
3times

Operating System and Brave Version:
Win10 latest release (brave nightly 1.17.32)

Additional Information:
Used addons:

HTTPS Everywhere
Ublock Origin
1Password X
DuckDuckGo Privacy Essentials
Langauge Tool

Hope that could help? first post here, Maybe a information how critical all three issues are would be nice!

greetings
Lex

justsomeone1 · October 15, 2020, 11:58pm

Hello @Mr_Lex

i run the test you give and it did not show the critical warning you got
could you disable all extension and run the test again and if you get the critical error
could you set tracker and fingerprint to aggresive and strict and re run it again as that is my current settings

beside i have other setting i set i got 21 warning but they are not critical

and have a nice day

Mr_Lex · October 16, 2020, 12:56am

Hey, good evening or so.

I’ll run this test by tomorrow, at daytime. Currently itd 2.55am here.

I did had the shield on “aggressive and strict”, maybe an extension made this errors, I will have to analyze this tomorrow.

Will reach back to you soon!

Greetings
Lex

justsomeone1 · October 16, 2020, 12:38pm

good night and

so maybe it cause of the extension or my other setting i could share with you my crazy settings

and have a nice day

Mr_Lex · October 16, 2020, 2:12pm

Hello,

I tested it again, with standard settings/my settings and Add-ons on and off. Same result.

Are you using the Nightly version?

Greetings
Lex

justsomeone1 · October 16, 2020, 2:16pm

could you try with those setting

while extention off

i am using the release version but i have extra settings

and if it did not work then check my settings on that post

it’s better to create a new profile and use those settings so you did not miss with yours as my settings block more than the usual and sometime i need to re enable some when i get in issue so i do not want you to get in that case

and have a nice day

Mr_Lex · October 16, 2020, 2:38pm

Hey.

I am pretty sure that if i re-download the browser and use the standard settings, those critical issues should not happen, otherwise users would be put in danger. This post is meant to inform the Developer Team.
I downloaded a clean version with no settings changed, and compared it with my results I had with my settings.

I’d have left behind the nightly version after all, and believe me or not, I’m pretty sure it’s in the code, and no settings should change that. That’s my guess. Because other browsers have the same issue

I’ll just use the stable release.

Greetings Lex

justsomeone1 · October 16, 2020, 2:39pm

do you mean that you do not that issue if you used the release version and that only happen on the nightly version or what?

Mr_Lex · October 16, 2020, 2:45pm

Thats what I said, all time.

It was to inform the developer that the nightly version has potential security issues.

Mr_Lex · October 16, 2020, 2:47pm

I moved it to the nightly category.

justsomeone1 · October 16, 2020, 2:47pm

oh ok thanks

glad that you updated the category of your post

Mr_Lex · October 16, 2020, 3:29pm

Hopefully a Dev or who ever from the stuff will see this and investigate the issue.