github ChaoticSi1ence/SlimBrave-Neo v1.3.0
SlimBrave Neo 1.3.0 — Security & Hardening

19 days ago

Security & Hardening Update

This release focuses on hardening the three official scripts and making the project's authenticity easier to verify. No binary, installer, or compiled release asset is attached — only source tags. See SECURITY.md for what counts as an authentic copy.

Security fixes

Linux and macOS (slimbrave-linux.py, slimbrave-mac.py)

  • Atomic, symlink-safe policy writes. apply_policy and export_settings now write via tempfile.mkstemp + os.replace instead of plain open(path, "w"). Closes a root-privilege footgun where an unprivileged user could pre-create the policy path as a symlink (e.g. to /etc/shadow) and have root truncate the target. Also makes the write atomic — Brave no longer has a window where it could load a half-written JSON/plist.
  • --policy-file now validates its argument. The flag used to accept any absolute path with no checks. Combined with --reset under a permissive sudoers rule this was effectively "delete any file." It now requires the resolved path to live under a Chromium-documented policy directory (/etc/brave/policies/managed, /etc/chromium/policies/managed on Linux; /Library/Managed Preferences, /Library/Preferences on macOS).
  • Explicit 0o644 mode on the policy file — no more umask roulette.
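
The write and path-check patterns described in the three items above, sketched as an added example (not the project's own code). The function names, the `ExamplePolicy` key and the temp-directory demo are assumptions made for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

# Linux policy directories listed in the release notes.
ALLOWED_DIRS = ("/etc/brave/policies/managed", "/etc/chromium/policies/managed")


def validate_policy_path(path, allowed_dirs=ALLOWED_DIRS):
    """Return the fully resolved path, or raise ValueError if it leaves allowed_dirs."""
    resolved = Path(path).resolve()  # follows symlinks, collapses ".."
    for base in allowed_dirs:
        if Path(base).resolve() in resolved.parents:
            return resolved
    raise ValueError(f"{path!r} resolves outside the permitted policy directories")


def atomic_write_json(path, data, mode=0o644):
    """Write data to a temp file in the same directory, then rename it over path."""
    path = Path(path)
    # mkstemp opens with O_CREAT|O_EXCL, so the temp file is always new and
    # whatever sits at `path` (possibly a planted symlink) is never opened.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".policy-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh, indent=2)
            fh.flush()
            os.fsync(fh.fileno())
            os.fchmod(fh.fileno(), mode)  # explicit mode, independent of umask
        os.replace(tmp, path)  # a symlink at path is replaced, not followed
    except BaseException:
        if os.path.lexists(tmp):
            os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed demo: a symlink planted at the policy path points at a "victim" file.
    root = Path(tempfile.mkdtemp())
    managed = root / "managed"
    managed.mkdir()
    victim = root / "victim.txt"
    victim.write_text("do not truncate")
    policy = managed / "slimbrave.json"
    policy.symlink_to(victim)
    atomic_write_json(policy, {"ExamplePolicy": True})  # hypothetical key
    print(victim.read_text(), policy.is_symlink(), oct(policy.stat().st_mode & 0o777))
```

os.replace protects the final path component only; the directory passed to mkstemp should itself be writable only by root.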

Windows (SlimBrave.ps1)

  • "Disable Brave Shields" now actually works. BraveShieldsDisabledForUrls is a Chromium list policy and must be stored as a subkey with numbered REG_SZ values (...\BraveShieldsDisabledForUrls\1 = "https://*"). Previous versions stored it as a single REG_SZ holding a JSON-encoded array, which Chromium does not parse, so the checkbox was silently a no-op. Existing broken values are cleaned up automatically on the next apply.
  • New Set-ListPolicy / Remove-ListPolicy / Test-ListPolicyMatches helpers so any future list-type policies are wired correctly.

Authenticity

  • Added SECURITY.md declaring the official source, the official file inventory (three scripts, no binaries), and how to report vulnerabilities via GitHub Private Vulnerability Reporting.
  • Added an alert to the top of the README so users who land there via search see the authenticity notice before the install instructions.

Migration notes

  • Windows users on v1.2.0 or earlier with "Disable Brave Shields" checked: re-open SlimBrave and click Apply once. The old broken REG_SZ value is removed and the correct list subkey is written.
  • --policy-file users with a non-standard path: the flag now rejects paths outside the whitelist. If you had a legitimate use case for this, open an issue with details.

Verifying this release

git clone https://github.com/ChaoticSi1ence/SlimBrave-Neo.git
cd SlimBrave-Neo
git checkout v1.3.0

Or download the raw scripts directly from raw.githubusercontent.com/ChaoticSi1ence/SlimBrave-Neo/v1.3.0/.... Anything claiming to be a SlimBrave installer, .exe, or .msi is not from this project.
