Vulnerability bug: clipboard access isn't blocked when Brave says it is

  1. website requests clipboard permission
  2. choose block
  3. website gets clipboard access anyway
  4. copying new content to clipboard is also passed to the website (live access)

Version 1.60.114 Chromium: 119.0.6045.124

Additional Information:
Brave has an update waiting for a restart

Just another user like yourself who’s curious and not seeing how to reproduce this, or how it manifested.

Did the highlighted text appear on it’s own, or did you CTRL-V it there? How do you get to the website having access to the clipboard from the picture above?

Yeah, I didn’t make that clear at all. The highlighted text was pasted from my PC’s clipboard into a remote computer’s browser with CTRL+V.

I then copied some new text on my local PC and successfully pasted that, through Brave, into the remote PC as well. I was trying to paste from the remote PC’s clipboard into the remote PC’s browser.

1 Like

Ok, I think this may be a misunderstanding about that setting and what it does.

If the setting is enabled, then the website in question has direct access to your clipboard, and will not need you to press any keys (like CTRL-V) to read or write to/from clipboard. However, pasting from your clipboard with a right-click or keyboard shortcut is an input operation/event from the OS into wherever your cursor is.

So don’t be worried that being able to paste means websites can access your clipboard. What you’re looking to prevent is websites that can read clipboard without user input.

I had hoped to find a website demonstrating it, but no luck for me. Suffice to say that if you leave the setting on the default (ask), you should be asked when a website tries to access it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.