Not if they use PDFium, but I think brave uses PDF.js for more safety. lots of exploits in the various pdf plugins for brave/chrome hundreds for pdfium : https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PDFium very few published exploits for brave default pdf plugin in recent years : https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PDF.js new ones almost every week in google PDFium: march 5 2021: Google Chrome Vulnerability: CVE-2021-21190 Uninitialized Use in PDFium https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2021-21190/ https://securereading.com/malicious-pdf-files-to-exploit-google-chrome-zero-day-to-steal-users-data/ https://gbhackers.com/google-chrome-zero-day/ BRAVE PDF.js seems like the safest but none are really safe at all. brave deep down uses this source code for rendering pdf , it seems : ng2-pdf-viewer https://github.com/vadimdez/ng2-pdf-viewer