Latest Update of Brave --Big Download Security DANGER!

The latest update on Brave lacks the download shelf. Instead, it puts the download on the upper right and offers no option to open the file LOCATION. I accidentally clicked on the ‘download bubble’ and the file EXECUTED without my permission. Even Windows UAC could not stop it (I clicked NO, do not install) and it continued the installation despite my trying to close the installer.
This is a security risk because the logical thing a user is going to do is click that download bubble and accidentally install whatever .exe file is there.
Very bad move, Brave/Google!

Latest info from Wacom Tech Support–it’s a bug affecting Windows Ink devices:

“I got word back from our QA team, they were able to reproduce the issue in their lab with our products, but also with other generic pen input devices they use for testing. They’ve confirmed this is a bug on the browser side that affects pen input devices in general, this is independent from our driver and something the browser developer will need to work on.
On that note, our QA folks reported this to Brave in one channel they have to take such reports. Here you can see this https://github.com/brave/brave-browser/issues/36237 and follow”

@Basspig what are your settings for brave://settings/downloads? For example:

If you have Ask where to save each file before downloading, then it won’t just immediately download.

But what you’re explaining has been a Chromium thing for ages. It’s not new. The only thing that changed is instead of the download menu appearing on the bottom left, it’s appearing in a bubble up the upper right. Rather than just clicking on something when you see a notification, you should probably read it and navigate there yourself.

Oh, and once it starts downloading, you’re able to still cancel if it’s a big enough file that it didn’t download right away.

I don’t have “ask for each file” because I don’t want the extra step when I am downloading many files.
I just want it back to the shelf where I can CHOOSE to open the folder and access the files I downloaded. Not to mention, I can’t tell if I am downloading at all–this caused me to click on a download button FIVE TIMES last night because I saw no evidence that the file was downloading.
But this new problem is that clicking on the “download bubble” doesn’t bring up an option to open folder–it executes the file. That is the dumbest thing I’ve ever seen. BAD JUDGEMENT, GOOGLE! We’re going to see a surge in malware installs because of this one feature. Imagine computer neophytes clicking on that bubble and installing malware.
I either need to disable this feature or stop using Brave.

Sorry but that’s just not true. Yes, if you click on the file directly, it will open. If you click the folder option on the download bubble opens the file location — I do this all the time:

We have seen no surge in malware installs. Further, if Windows ran a program through UAC, then that is an issue with Windows, not Brave. Brave cannot control your system in this way.

Additionally, if security is paramount to you, having the “extra step” that comes with enabling the Ask where to save each file before downloading option may actually interest you quite a bit, as it will give you a second opportunity to ensure that you actually want to download the file.

Make Sure to have UAC and Smartscreen turned on…

I dont even have antivirus… UAC/Smartscreen alone is enough for me… they dont even let files from Github to be executed without permissions… Win 8.1 Blocks everything

unless you click Run anyway, Win 8.1 will refuse to run it

if the .exe has verified publisher license, UAC will be prompted… In most cases, Smartscreen shows up for unverified indie publishers…

Also you wont see the lightbox based blue screen while the .exe is clicked from download shelf of brave but only while you noticed clicking .exe from the download shelf of brave haven’t done anything and you attempted to run it once again by going to file explorer and double clicking the .exe file again.

Not true if you use a Wacom tablet and Windows Ink is turned on so you can scroll in a browser. Both icons LAUNCH the file.
I found out that if I use a 20 year old mouse, the folder icon doesn’t launch the file, but does what it should do–open the folder.
This is something that Google and Wacom will have to solve.

Here is the proof that it opens the file. I screen recorded it.

Seems like the issue is not specific to Brave but rather your setup/Wacom. Just to make sure, I just checked the behavior using:

  • My current mouse (bluetooth Logitech)
  • My gaming mouse (Razor Basilisk)
  • Old generic brand wired mouse I found in my filing cabinet
  • macOS and Windows laptop trackpad

All of the above worked as expected in the download bubble. I would recommend using a different setup, reaching out to Wacom support about the behavior, or using the full downloads menu moving forward.

This topic was automatically closed after 7 days. New replies are no longer allowed.