| Title | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions |
|---|
| Description | Autobrowse trace artifacts (trace.json, messages.json, summary.md, screenshots) are written using default filesystem permissions without explicitly restricting access. On systems with permissive umask settings or shared-readable workspaces, sensitive trace data including tokens, cookies, request headers, prompts, form data, and screenshots may become readable by other local users or processes. |
|---|
| Source | ⚠️ https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/browserbase-skills-infoleak-poc.sh |
|---|
| User | vaibhavnarkhede (UID 94039) |
|---|
| Submission | 05/26/2026 17:54 (28 days ago) |
|---|
| Moderation | 06/21/2026 15:17 (26 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 372613 [Browserbase up to 20260526 Autobrowse Trace Artifact default permission] |
|---|
| Points | 19 |
|---|