[CVE-2019-16075] Brave Browser AdBlock: Out-of-Bounds Read by One Byte (AdBlockClient::getFingerprint)


Brave Browser implements a built-in AdBlock component that can parse AdBlock Plus filters (e.g. EasyList). The parser is implemented by Brave in native C++ code and was found to be vulnerable to an out-of-bounds (OOB) read of 1 byte.
Exploiting this vulnerability might allow an adversary to read memory from Chrome’s privileged process, since the AdBlock initialization is executed from the main process before delegating to sandboxed workers. This means one could use this vulnerability to perform information disclosure and chain it with other vulnerabilities to perform code execution.

CVSS 3.0 Base Score

6.5 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)


xen1thlabs software lab


Not releasing for now

Disclosure Timelines

  • 19-Jun-2019 Notified vendor
  • 15-Aug-2019 Brave browser Android v1.2.0 released which resolves this