Critical secruity issues?

Issue
Hello everyone. I do have found an issue, or mulitple potential secruity issues.
I tested brave nightly at https://browseraudit.com/
and the nightly throw out multiple issues. One seems to be known “Cookie set by Javascript should not be send over HTTP” but i found two sheme missmatches. I am not that familiar with this kind of stuff, but maybe it will help out building a safer browser?
screenshot



Expected result:
No critical erros

Reproduces how often:
3times

Operating System and Brave Version:
Win10 latest release (brave nightly 1.17.32)

Additional Information:
Used addons:

  1. HTTPS Everywhere
  2. Ublock Origin
  3. 1Password X
  4. DuckDuckGo Privacy Essentials
  5. Langauge Tool

Hope that could help? first post here, Maybe a information how critical all three issues are would be nice!

greetings
Lex

Hello @Mr_Lex

i run the test you give and it did not show the critical warning you got
could you disable all extension and run the test again and if you get the critical error
could you set tracker and fingerprint to aggresive and strict and re run it again as that is my current settings

beside i have other setting i set i got 21 warning but they are not critical

and have a nice day

Hey, good evening or so.

I’ll run this test by tomorrow, at daytime. Currently itd 2.55am here.

I did had the shield on “aggressive and strict”, maybe an extension made this errors, I will have to analyze this tomorrow.

Will reach back to you soon!

Greetings
Lex

good night and

so maybe it cause of the extension or my other setting i could share with you my crazy settings

and have a nice day

Hello,

I tested it again, with standard settings/my settings and Add-ons on and off. Same result.

Are you using the Nightly version?

Greetings
Lex

could you try with those setting

while extention off

i am using the release version but i have extra settings

and if it did not work then check my settings on that post

it’s better to create a new profile and use those settings so you did not miss with yours as my settings block more than the usual and sometime i need to re enable some when i get in issue so i do not want you to get in that case

and have a nice day

Hey.

I am pretty sure that if i re-download the browser and use the standard settings, those critical issues should not happen, otherwise users would be put in danger. This post is meant to inform the Developer Team.
I downloaded a clean version with no settings changed, and compared it with my results I had with my settings.

I’d have left behind the nightly version after all, and believe me or not, I’m pretty sure it’s in the code, and no settings should change that. That’s my guess. Because other browsers have the same issue

I’ll just use the stable release.

Greetings Lex

do you mean that you do not that issue if you used the release version and that only happen on the nightly version or what?

Thats what I said, all time.

It was to inform the developer that the nightly version has potential security issues.

I moved it to the nightly category.

oh ok thanks :slight_smile:

glad that you updated the category of your post

Hopefully a Dev or who ever from the stuff will see this and investigate the issue.