Brave Browser SameSite Cookie Bypass Vulnerability in Split View Feature

Vulnerability

A vulnerability exists in Brave Browser Desktop versions prior to 1.83.10 with the split view feature enabled. The 'Open Link in Split View' context menu option fails to adhere to the SameSite cookie policy, allowing SameSite=Strict cookies to be sent during cross-site navigation. This behavior bypasses the intended cookie restrictions, potentially leading to Cross-Site Request Forgery (CSRF) vulnerabilities.

Impact

Exploitation of this vulnerability bypasses SameSite cookie restrictions, allowing SameSite=Strict cookies to be sent in cross-site navigations, which could lead to CSRF attacks.

Reproduction

To reproduce this vulnerability, open a link to a cross-site destination using the 'Open Link in Split View' context menu option. Compare the cookies sent with the SameSite=Strict attribute against those sent when the same link is opened with other options, such as 'Open in New Tab' or 'Open in Incognito Window'.

Remediation

Users can update to Brave Browser Desktop version 1.83.10 or later, where this vulnerability has been fixed.
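Site operators cannot assume every visiting browser honours SameSite=Strict, so a state-changing endpoint should not treat the arrival of a session cookie as proof of a same-site request. The following is an added example, not code from the advisory or from Brave; it assumes a hypothetical application at https://app.example and a constructed request shape, and shows a server-side check that rejects a cookie-bearing cross-site navigation like the one described above because state changes are confined to POST and require a per-session CSRF token.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SITE_ORIGIN = "https://app.example"  # assumed origin of the protected application


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for this example)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(secret: bytes, session_id: str) -> str:
    """Derive a per-session CSRF token; a cross-site page cannot read or forge it."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def check_state_change(req: Request, secret: bytes) -> tuple[bool, str]:
    """Decide whether a state-changing endpoint may act on this request.

    The decision deliberately ignores whether the session cookie arrived:
    if a browser attaches a SameSite=Strict cookie to a cross-site navigation
    (the behaviour in the advisory), the cookie alone proves nothing.
    """
    # A top-level navigation (link click, Split View, new tab) is a GET.
    # Never let a GET mutate state, so a cookie-bearing navigation is harmless.
    if req.method != "POST":
        return False, "state changes require POST"
    session_id = req.cookies.get("session")
    if not session_id:
        return False, "no session"
    # Defence in depth: a present-but-foreign Origin header is a hard reject.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-site Origin"
    # The token is the check that does not depend on browser cookie policy.
    expected = issue_csrf_token(secret, session_id)
    if not hmac.compare_digest(expected, req.form.get("csrf_token", "")):
        return False, "missing or invalid csrf_token"
    return True, "ok"


SECRET = b"constructed-example-secret"  # constructed; use a real random secret

# Constructed request: cross-site navigation that still carried the Strict cookie.
split_view_nav = Request("GET", {}, {"session": "s1"})
# Constructed request: legitimate same-site form submission carrying the token.
legit_post = Request("POST", {"Origin": SITE_ORIGIN}, {"session": "s1"},
                     {"csrf_token": issue_csrf_token(SECRET, "s1")})
```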

Added: Oct 31, 2025, 12:32 AM
Updated: Oct 31, 2025, 12:32 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.