CVE-2023-28364: 
Homebrew vulnerability analysis and mitigation

An Open Redirect vulnerability was discovered in Brave Browser Android prior to version 1.52.117. The vulnerability existed in the built-in QR scanner functionality, where the browser would automatically navigate to scanned URLs without first displaying the URL to the user for verification (NVD, CVE).

The vulnerability is classified as a URL Redirection to Untrusted Site (Open Redirect) issue, identified as CWE-601. The CVSS v3.1 base score is 6.1 (MEDIUM), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability could allow an attacker to redirect users to malicious websites through QR codes without the user having a chance to verify the URL before navigation occurs. This could potentially lead to phishing attacks or other malicious redirections (NVD).

The vulnerability has been fixed in Brave Browser Android version 1.52.117. The fix requires users to manually navigate to scanned URLs rather than allowing automatic navigation. Users are advised to update to this version or later to mitigate the vulnerability (NVD).