CVE 2017-18256

Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.

See the CVE page on Mitre.org for more details.