Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security vulnerabilities here

Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing
GHSA-vjfv-85qf-v25c published May 13, 2026 by mr-cheffy

High
Address Bar Spoofing via Long Subdomain
GHSA-7p2r-fp29-9w69 published May 8, 2026 by mr-cheffy

Moderate
RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation
GHSA-cc9c-mmmf-c5j6 published May 8, 2026 by mr-cheffy

Low
Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
GHSA-qpj9-m8jc-mw6q published Apr 24, 2026 by mr-cheffy

High

Learn more about advisories related to zen-browser/desktop in the GitHub Advisory Database