Browser_use Module, URL Whitelist Bypass, CVE-XXXX-XXXX (Critical)

How the CVE Works:

The vulnerability exists in the `browser_use` module’s URL whitelist validation. The `_is_url_allowed()` method checks if a domain is permitted by comparing against allowed_domains. However, the check improperly handles URLs containing basic authentication syntax (user:pass@domain). By crafting a URL like https://whitelisted.com:[email protected]`, an attacker can bypass the whitelist. The method splits the domain at `:` and only checks the left part (whitelisted.com), ignoring the actual host (malicious.com). This allows access to unauthorized domains, internal networks, or localhost services.
<h2 style="color: blue;">DailyCVE Form:</h2>
Platform: Browser_use module
Version: Pre-patch
Vulnerability: Whitelist bypass
Severity: Critical
Date: YYYY-MM-DD
<h2 style="color: blue;">What Undercode Say:</h2>
<h2 style="color: blue;">Exploitation:</h2>
<h2 style="color: blue;">1. Craft malicious URL:</h2>

malicious_url = "https://allowed.com:[email protected]"

<h2 style="color: blue;">2. Bypass check:</h2>
The `_is_url_allowed()` method will validate `allowed.com` while redirecting toattacker.com.
<h2 style="color: blue;">Protection:</h2>
<h2 style="color: blue;">1. Patch validation:</h2>

def _is_url_allowed(self, url: str) -> bool:
if not self.config.allowed_domains:
return True
parsed_url = urlparse(url)
domain = parsed_url.hostname Ignore auth credentials
if not domain:
return False
domain = domain.lower()
return any(
domain == allowed or domain.endswith(f".{allowed}")
for allowed in self.config.allowed_domains
)

grep -r "_is_url_allowed" /path/to/module

tcpdump -i eth0 'port 80 or port 443' | grep "@"

<h2 style="color: blue;">Mitigation:</h2>
- Disable `disable_security` flag inBrowserContextConfig`.
– Enforce strict domain validation before navigation.

References:

• Patch commit: [bash]
• CVE details: [bash]

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram