UXss on brave browser via scan QR Code

## Summary: I found UXss in your browser, and executed Xss on all open domains. before that I want to tell you a little, that I've found a vulnerability like this in Microsoft Edge : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23258 Oppo browser : (Private/no disclosure) and now i found it in your application ## Products affected: * Android 13, Brave browser version 1.48.164, Brave Nightly browser version 1.50.53, Brave Beta Browser version 1.49.106, Chromium 110.5481.100 Payload : {F2191688} This is a QR Code containing the url : blocked:alert(document.domain); which the attacker will use to attack the victim ## Steps To Reproduce: - Open Brave browser - Open www.google.com {F2191713} - Click the url bar and delete the url (click the cross on the Url Bar) {F2191709} - You will see a Scan QR Code button {F2191707} - Click Scan QR Code button & Scan the QR Code above {F2191708} - Xss Executed. {F2191706} {F2191705} ## Supporting Material/References: {F2191774} https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23258 ## Impact Attackers can steal the victim's cookies, and as you can see at this point. that this vulnerability does not only affect brave, but will affect all existing domains/websites. and it is very possible that websites such as facebook.com, google.com, microsoft.com are also affected by this vulnerability example : https://portswigger.net/daily-swig/microsoft-edge-translator-contained-uxss-flaw-exploitable-on-any-web-page