New XSS vector vulnerability in ReaderMode with %READER-TITLE-NONCE% in Brave Browser(patched)
Target: Brave Software Title: New XSS vector in ReaderMode with %READER-TITLE-NONCE% Summary: Previously, script execution in ReaderMode pages was prohibited by CSP. However, three months ago, this commit partially relaxed the CSP and scripts with nonce-%READER-TITLE-NONCE% are now allowed to be executed. This relaxation of the CSP rule can be exploited for XSS attacks on ReaderMode pages. Here, the attack vector is %READER-CREDITS% which is also included in the ReaderMode HTML template. The %READER-CREDITS% is replaced with the value of the <meta name="auth