A safety vulnerability has been recognized in Courageous Browser, probably permitting malicious web sites to masquerade as trusted ones throughout file add or obtain operations.
The difficulty, tracked beneath CVE-2025-23086, impacts particular variations of the Courageous browser on desktop platforms, making a threat for unsuspecting customers.
Courageous Browser Vulnerability
The vulnerability impacts Courageous Browser variations 1.70.x to 1.73.x. A characteristic supposed to show a web site’s origin within the working system’s file selector dialog didn’t appropriately infer the origin in sure situations.
This flaw, when exploited alongside an open redirector vulnerability on a trusted web site, might permit malicious actors to provoke file downloads that seem to originate from the trusted web site.
Examine Actual-World Malicious Hyperlinks & Phishing Assaults With Menace Intelligence Lookup - Strive for Free
For instance, if a consumer interacts with a malicious web site leveraging an open redirect on a professional, trusted area, the file selector dialog throughout add or obtain could show the trusted web site because the supply as a substitute of the particular malicious web site.
This misrepresentation might trick customers into believing the motion is secure, probably exposing them to phishing assaults or unknowingly downloading dangerous information.
Affected Variations
The vulnerability impacts Courageous Desktop Browser variations between 1.70.117 and earlier than 1.74.48. Particularly:
- Affected: Variations from 1.70.117 to 1.73.x.
- Unaffected: Variations previous to 1.70.117 or ranging from 1.74.48.
Courageous has already launched an replace (model 1.74.48 and newer) to deal with this concern, making certain that the origin inference for file selectors capabilities appropriately.
Courageous Software program acted swiftly upon figuring out the vulnerability. The corporate has suggested customers to right away replace their browsers to the most recent model (1.74.48 or newer) to mitigate the danger.
Customers can confirm their model by navigating to the browser’s settings menu beneath “About Courageous.”
- Replace Your Browser: If you’re utilizing Courageous Desktop Browser, guarantee your software program is upgraded to model 1.74.48 or newer.
- Train Warning: Be cautious of surprising obtain prompts, even from websites that seem trusted.
- Report Suspicious Exercise: In case you encounter questionable conduct, report it to Courageous’s safety crew or trusted cybersecurity professionals.
Because the cybersecurity panorama continues to evolve, customers are reminded to remain vigilant and preserve up-to-date software program to guard in opposition to rising threats.
Integrating Utility Safety into Your CI/CD Workflows Utilizing Jenkins & Jira -> Free Webinar