CVE-2025-48980
📋 TL;DR
This vulnerability in Brave Browser Desktop allows SameSite=Strict cookies to be sent during cross-site navigations when using the 'Open Link in Split View' feature, bypassing intended cookie isolation. Attackers could potentially steal sensitive session cookies or perform unauthorized actions on behalf of users. Only Brave Desktop users with split view enabled are affected.
💻 Affected Systems
- Brave Browser Desktop
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal authentication cookies for sensitive sites (banking, email, etc.) and perform account takeover, leading to data theft, financial loss, or unauthorized access to protected resources.
Likely Case
Session hijacking on websites that rely on SameSite=Strict cookies for security, potentially allowing attackers to access user accounts on vulnerable sites visited via split view.
If Mitigated
Limited impact if users avoid split view for sensitive sites or if sites implement additional protections like multi-factor authentication and short session timeouts.
🎯 Exploit Status
Exploitation requires user interaction (clicking 'Open Link in Split View') and targeting of sites using SameSite=Strict cookies. No known active exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.83.10 and later
Vendor Advisory: https://hackerone.com/reports/3253725
Restart Required: No
Instructions:
1. Open Brave Browser. 2. Click the menu (three horizontal lines) → Help → About Brave. 3. Browser will automatically check for updates and install version 1.83.10 or newer. 4. Relaunch browser if prompted.
🔧 Temporary Workarounds
Disable Split View Feature
allTemporarily disable the split view feature until patched to prevent exploitation.
No commands needed - disable via browser settings
🧯 If You Can't Patch
- Avoid using the 'Open Link in Split View' feature for any websites, especially those handling sensitive data or authentication.
- Use alternative browsers for accessing sensitive websites until Brave can be updated.
🔍 How to Verify
Check if Vulnerable:
Check Brave version: if below 1.83.10 and split view is enabled, the system is vulnerable.Check Version:
brave://version/ (in Brave address bar)Verify Fix Applied:
Confirm Brave version is 1.83.10 or higher via About Brave page.📡 Detection & Monitoring
Log Indicators:
- Unusual cookie transmissions between different domains in split view sessions
- Multiple failed authentication attempts following successful logins via split view
Network Indicators:
- Cross-site cookie transmissions that should be blocked by SameSite=Strict policy
- Unexpected SameSite=Strict cookies sent to different origins
SIEM Query:
Not applicable for typical endpoint detection - primarily a client-side browser vulnerability.