Fair enough, I take it back, apologies! I did look at the
link you provided, but to be fair it only documented the chrome bug (through the chromium list), there wasn't any documentation or testing there of it also affecting chromium, apart from the assumption based on software knowledge. Note the tests were through ./chrome not ./chromium. But, after thorough research (basically searching for the "CVE" and "chromium") it did confirm it was also a bug in chromium from Debian and Red Hat releases which I trust, even if they didn't specify why. Call me a fool, but the description is very misleading too, there is no mention of the CVE affecting chromium:
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Thanks for the additional links and info, I definitely won'y rely on any of the CVE databses to alert me of chromium/brave bugs in the future!!
I do not know by what principle they relate CVE to which vendor.
But as you can see above, the bug is declared and fixed in the chromium.
So brave had this bug too.
By the way, they paid $ 3,000 for this bug.
My only thought why it isn't listed as a CVE for Chromium/Brave if they only list the CVE from the vendor that publishes it. As this was Chrome, as oppose to Chromium (which didn't even mention it on their blog as far as I could find), then I guess it doesn't additionally get listed as a Chromium/Brave bug. Even though the CVE's lists all the affected versions, so it's very bizarre not actually listing all the affecting products. This also makes it very hard to identify chrome bugs that do/don't affect chromium imo.
It's good to know they donated $3,000 for this bug at least.