CVE-2025-48980 in Desktop Browser
Summary
by MITRE • 10/31/2025
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
Analysis
by VulDB Data Team • 12/02/2025
This vulnerability affects Brave Browser Desktop versions before 1.83.10 where the split view feature is enabled. The issue stems from improper handling of SameSite cookie attributes during cross-site navigation operations. When users select the "Open Link in Split View" context menu option, the browser fails to properly validate cookie security policies, allowing SameSite=Strict cookies to be transmitted across site boundaries. This represents a significant breakdown in browser security mechanisms designed to prevent cross-site request forgery attacks and protect user session integrity. The vulnerability specifically impacts the split view functionality, where content from different origins is displayed side by side, creating an environment where cookie security controls can be bypassed through seemingly legitimate user interactions.
The technical flaw manifests in the browser's cookie handling logic within the split view context menu implementation. When processing the "Open Link in Split View" action, the browser does not properly enforce SameSite cookie policies that should prevent cookies marked with SameSite=Strict from being sent during cross-site requests. This behavior violates fundamental web security principles and creates potential attack vectors for malicious actors to exploit. The vulnerability is particularly concerning because it operates through a legitimate user interface interaction rather than requiring malicious code execution, making it more difficult to detect and prevent. The flaw essentially allows an attacker to leverage the split view feature to perform unauthorized cross-site requests while carrying sensitive session cookies that should have been restricted by SameSite policies.
The operational impact of this vulnerability extends beyond simple cookie leakage, potentially enabling session hijacking, cross-site request forgery attacks, and unauthorized access to user accounts. Attackers could exploit this weakness to impersonate users across different domains, particularly in scenarios where sensitive SameSite=Strict cookies are used for authentication or authorization purposes. The vulnerability affects users who actively utilize the split view feature, making it relevant to a significant portion of the browser's user base. Security researchers have identified this as a critical issue that undermines the effectiveness of SameSite cookie protections, which are essential components of modern web security frameworks. This weakness creates opportunities for attackers to bypass security controls that are designed to prevent unauthorized cross-site interactions and maintain user privacy.
Mitigation strategies include upgrading to Brave Browser version 1.83.10 or later, where the vulnerability has been addressed through proper SameSite cookie enforcement during split view operations. Users should also consider disabling the split view feature if they do not require its functionality, particularly when browsing sensitive or potentially malicious websites. Network administrators should monitor for unusual cross-site cookie transmission patterns that might indicate exploitation attempts. Security teams should review their monitoring configurations to detect potential SameSite cookie leakage events. This vulnerability aligns with the CWE-613 and CWE-352 categories, representing inadequate session management and cross-site request forgery risks, respectively. The issue also maps to ATT&CK technique T1531, which involves creating or modifying system processes to gain access to sensitive data, as the vulnerability enables unauthorized access through improper cookie handling mechanisms. Organizations should implement comprehensive browser security policies that include regular updates and monitoring for similar cookie handling vulnerabilities across their browser fleet.
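One way a site operator could implement the monitoring suggested above, as an added example that is not part of the original advisory or of Brave's code: flag requests that the browser labels cross-site in the Fetch Metadata header `Sec-Fetch-Site` yet that carry a cookie the site issues as SameSite=Strict. The cookie names, paths and sample requests are constructed, and the example assumes the client reports `Sec-Fetch-Site` truthfully, which the page does not state for affected builds.

```python
# Added example: server-side check for SameSite=Strict cookies on cross-site requests.
from http.cookies import CookieError, SimpleCookie

# Assumption: names of the cookies this site issues with SameSite=Strict.
STRICT_COOKIES = {"session", "csrf_seed"}

# Constructed sample requests, as a server-side log might record them.
SAMPLE_REQUESTS = [
    {"path": "/account", "headers": {"Sec-Fetch-Site": "cross-site",
                                     "Cookie": "session=abc123; theme=dark"}},
    {"path": "/account", "headers": {"Sec-Fetch-Site": "same-origin",
                                     "Cookie": "session=abc123"}},
    {"path": "/", "headers": {"Sec-Fetch-Site": "cross-site",
                              "Cookie": "theme=dark"}},
    {"path": "/home", "headers": {"Sec-Fetch-Site": "none",
                                  "Cookie": "session=abc123"}},
    {"path": "/api", "headers": {"cookie": "session=abc123"}},
]


def strict_cookies_sent(cookie_header):
    """Names of SameSite=Strict cookies present in a Cookie header value."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return []  # malformed header: treat as carrying no known cookie
    return sorted(STRICT_COOKIES & set(jar.keys()))


def classify(headers):
    """Return (verdict, strict cookie names) for one request's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    sent = strict_cookies_sent(h.get("cookie"))
    site = h.get("sec-fetch-site")
    if not sent:
        return "ok", sent
    if site is None:
        return "unknown", sent  # no Fetch Metadata, nothing to conclude
    # same-origin / same-site are expected; "none" is a user-initiated
    # navigation (typed URL, bookmark), where Strict cookies are also sent.
    return ("violation" if site.strip().lower() == "cross-site" else "ok"), sent


def scan(requests):
    """List (path, cookie names) for requests that break the Strict rule."""
    results = ((r["path"], classify(r["headers"])) for r in requests)
    return [(p, sent) for p, (verdict, sent) in results if verdict == "violation"]
```

A hit is a lead to investigate rather than proof of this CVE, and an absence of hits proves nothing, since the check depends on what the client reports about itself.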