Brave browser found to leak users' Tor dark web activity

Developers of the privacy-focussed Brave web browser had to scamper to fix a bug to prevent the browser from leaking visited Tor addresses in DNS traffic.

Popular anonymouys browser Brave has sported a Tor mode since 2018 to allow users to visit the .onion addresses on the dark web without using the separate Tor browser.

However, an anonymous security researcher demonstrated that the browser was sending the queries for .onion addresses to public DNS resolvers for all to see, defeating the purpose of using the Tor mode.

Already fixed

Following the disclosure, several security researchers including PortSwigger Web Security's James Kettle were able to independently verify the issue.

As it gained traction, Brave confirmed that they've been aware of the DNS leak since January 2021 when it was reported to its HackerOne-run bounty program. According to reports, Brave's internal ad blocker component was responsible for inadvertently leaking the .onion domains.

The issue had already been addressed in the development nightly stream of the browser, according to Brave's security engineer Yan Zhu. As per the usual practice new changes are tested in developmental branches of a software, to spot for any regressions, before they are pushed to the stable mainline release.

However, Zhu wrote that since the issue is now public, the developers were “uplifting the fix to a stable hotfix.” Not long after Brave released an updated stable release v1.20.108 that fixed the leak.

Via: ZDNet

How It works

Search Crack for

Latest IT News

Mar 6
Google will be shipping Chrome updates faster but the company will also offer an Extended Stable option for enterprise customers.
Mar 6
The email provider Hey has created a new service that allows users to create their own blog over email.
Mar 5
Microsoft has added a startup boost feature to Edge to make its browser launch even faster after a system reboot.
Mar 5
A new email service from Huawei seems to be undergoing testing.
Mar 5
Wix Restaurant has recorded tremendous growth in recent times.
Mar 5
There's no law against the deceptive use of CNAME.
Mar 5
We feature he best note-taking apps for the iPad Pro, to make it simpler and easier to create and manage documents.

Latest cracks