Brave Browser Privacy Bug Leaks Tor URLs

Brave Browser Privacy Bug Leaks Tor URLs

Brave browser, one of the well-known privacy oriented browser, has been found to expose .onion queries of its users to public DNS resolvers due to a bug in its CNAME masquerading blocking mechanism.

What is Brave Browser?

Brave Browser Privacy Bug Leaks Tor URLs: Brave is a Chromium-based web browser that aims to offer a faster and safer experience to its users. As privacy being one of its most significant feature, Brave has a built-in ad blocker and strict rules on how data get processed. Since 2018, Brave also supports a built-in Tor browser mode to allow its users to surf the Internet anonymously.

The Privacy Bug on Brave

Recently, an anonymous researcher has discovered a privacy related vulnerability on the Brave that leaks .onion queries to public DNS resolvers instead of sending them to the Tor proxy. In Tor mode, no information that could breach the privacy of the users should be send to any non-Tor device.

Further research on the bug revealed that the issue is caused by the CNAME masquerading blocking feature of the Brave. CNAME masquerading blocking is a security mechanism that is also supported by Firefox browser. Essentially, this security feature aims to prevent third-party scripts that use CNAME DNS records to hide their real origin.

The privacy issue has been fixed by the Brave browser soon after the public disclosure of the bug. For safer browsing experience, Brave users should update to the most recent version 1.20.108.

Quote by Gary Kovacs
Quote by Gary Kovacs

Privacy is not an option, and it shouldn’t be the price we accept for just getting on the Internet.

Gary Kovacs

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

To learn more about anonymous browsing and protecting your privacy, you could also read our articles What Is Tor? or How to Use Tor Safely?