Home > Vulnerability Database > WS-2023-0205

Mend.io Vulnerability Database

WS-2023-0205

Good to know:

Date: June 22, 2023

The recent version of Brave iOS 15 introduced window.caches in WKWebView. It provides a persistent cache for web pages, and is also potentially usable for user tracking. The current Cookie Control disables cookie, localStorage and sessionStorage, but it doesn't disable window.caches, so it allows client-side user tracking by window.caches even when cookie brocker is enabled - which leads to privacy violation.

Language: JS

Severity Score

6.1

Related Resources (2)

Url: https://github.com/brave/brave-ios/commit/6a9d7213747e34515b37c4f6a6cfc16784a636cd

Url: https://www.mend.io/vulnerability-database/WS-2023-0205

Severity Score

6.1

Weakness Type (CWE)

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

Top Fix

Upgrade Version

Upgrade to version v1.43

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0205

Good to know:

Date: June 22, 2023

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?