Is Brave patched for CVE-2023-7024?

Description of the issue:

I searched the community to see if Brave has included this security fix from the latest Chrome release. I didn’t see any topics, so I created this one, which will hopefully provide the answers that users might have.

Additional Information:

Google has released a critical security update for Chrome, addressing a zero-day vulnerability actively exploited by attackers.

The vulnerability, tracked as CVE-2023-7024, could allow attackers to gain control of a user’s computer through malicious websites or phishing emails. This could lead to data theft, malware installation, and other serious consequences.

1 Like

@NumbGnat I believe it would be patched because it was done in Chromium. As you can see at https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html they had it fixed in 120.0.6099.129 of Chromium. Brave is using Chromium: 120.0.6099.144.

But since you’re right in that it seems Brave hasn’t explicitly mentioned it, I’ll tag in @fanboynz and @steeven just to see if they can verify, but also then tag the right people to actually have something said on it.

1 Like

@Saoiray This is Brave on Android currently…

So I’m assuming I should stay off the web until they push an update… 🤔

1 Like

Nah, it’s a higher version than that. You need to update.

1 Like

I see… I was looking in Brave Settings → About Brave. I assumed it would have updated automatically… (see screenshot)

Evidently, the Google Play Store doesn’t think the update’s important enough to kick the download off in the background. Because it should be automatically updating as you can see.

Also… I would have expected a [RELAUNCH] notice where the “hamburger button” is, on Brave for Windows…

In settings, it shows that there is an update and that I need to relaunch. But as you can see, there isn’t any visible notice in the Brave window… 🤔

It would seem that these “lack of notice” errors are leaving people vulnerable to Zero-Day bugs… 🤔

3 Likes

Referring to https://www.ghacks.net/2023/12/21/google-chrome-update-fixes-0-day-vulnerability-exploited-in-the-wild/

Latest Brave builds will take care of this.

1 Like

Just my two cents (sense?) on auto-updates: I suggest creating a weekly reminder on Mondays (though I also do it on Wed and Fri too and whenever I’m bored – I don’t use social media) to check for updates and manually do updates. Don’t assume that auto-updates will keep you up to date, especially on mobile.

UPDATE: Uhh yeah oops, I usually do this for my iOS/iPadOS apps and use CleanMyMac X Updater for most of my app updates and don’t use my Windows so much anymore, but yeah I usually leave my desktop browser to update itself and it didn’t sooooo… yeah, something was off fair enough

Security updates are quickly implemented either the same day or the following (depending on when the Chromium source is updated).
The auto updates are done by the OS. On Android I’ll often manually check for updates and various Android apps will show up. Otherwise it’ll just occur automatically by the OS.

2 Likes

@fanboynz @steeven Why can’t Brave pass Chromium Checker? It always says Brave spoofs the Chromium version.

I’m not an expert but I’d blame the Chromium Checker tool itself, because I got the same thing as in the screenshot: the tool is showing 109 but it’s actually 120, as seen a bit further down on the website itself:

"Client Hints: Not_A Brand 8, Chromium 120, Brave 120" (not Brave 109)

1 Like

Actually I just checked brave://settings/help and there was an update (already downloaded), I relaunched and that issue was fixed as also seen on the Checker website… so go push the update and you’re good.

Still shows the same for me on ChromiumChecker. Updated to the latest version…

Thanks for the details. On Windows, I normally rely on the [Update] notice on the hamburger button, to let me know that an update is available. As you can see in the following screenshot, there was an update available, but no [Update] notice.

Any idea why this would happen?
