MITRE wrote:
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

A fix is in progress, but in the meantime, users of Brave on iOS are directed to be careful browsing, and as always avoid hitting suspicious ads and suspicious links especially on websites that may not seem trustworthy or websites that tends to show a large amount of ads.

Updates on this vulnerability here:

(NOTE: This information may be expired if accessed later than May 3, 2017.)