HackerOne Disclosed Reports - 2025-10-14


Severity: High | State: resolved

SameSite restrictions are lifted, and SameSite=Strict cookies are being sent.


Bug reported by mingi, disclosed on October 15, 2025, 5:41 am   |   Weakness: Improper Certificate Validation

A vulnerability was discovered where SameSite=Strict cookies were sent on cross-site navigations that the SameSite policy should have blocked. The report ties this to the absence of the Sec-Fetch-Site: cross-site header on those requests: Sec-Fetch-Site is the fetch-metadata header a server relies on to recognise cross-site requests and reject CSRF, and a browser that fails to label a navigation as cross-site will neither set that value nor withhold Strict cookies, so both protections fail together. The issue was reported in Brave browser version 1.80.120 and was observed during a window operation.



Messages In This Thread
HackerOne disclosed reports - 2025-10-14 - by hashXploiter - 10-15-2025, 12:30 PM
