An IT security researcher discovered that Brave, a privacy-oriented web browser based on Chromium, had a DNS request leak vulnerability, which James Kettle (PortSwigger Director of Research) and Will Dormann (CERT/CC vulnerability analyst) later confirmed.
As a result, user activity on the Tor anonymity network's hidden services (the Dark Web) was exposed to their internet service providers (ISPs).
Notably, the privacy-focused, Chromium-based Brave Browser had over 20,000,000 users as of November 2020, and it also made headlines when it launched its own Tor onion service on the dark web.
Brave comes with a feature that integrates Tor into the browser. This is meant to hide a user's internet activity and provide maximum privacy and security. Tor can also be used to access the Dark Web's .onion websites.
A post on Rumble showed that these DNS requests are sent unencrypted and can therefore be traced back to the browser, contradicting Brave's privacy claims.
Why Brave Browser Leaked Tor DNS Requests
In Tor mode, Brave is supposed to forward all requests to the Tor proxy and to no other internet service. This is crucial to protecting user privacy while browsing.
The bug in Brave's Private Window with Tor mode caused the .onion URL (even when the Tor address was in use) to be sent to the browser's configured DNS server as a regular DNS query.
BleepingComputer confirmed this by using Wireshark to capture DNS traffic in Brave Browser's Tor mode: the browser sent DNS queries for the .onion address to BleepingComputer's local DNS server at IP 220.127.116.11.
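As an added illustration (not code from the article or from Brave), the following Python checker parses raw DNS query packets, such as those BleepingComputer captured with Wireshark, and flags any lookup for a .onion name, which per RFC 7686 must never reach a resolver and should never leave a Tor-mode browser. The sample packets are constructed inline; the .onion name used is a placeholder, not a real service.

```python
import struct

def parse_qname(packet: bytes, offset: int = 12) -> str:
    """Decode the question name that follows the 12-byte DNS header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            break
        if length & 0xC0:  # a plain query name carries no compression pointers
            raise ValueError("unexpected compression pointer in question name")
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels)

def is_onion_leak(packet: bytes) -> bool:
    """True if this DNS message is a query (QR bit clear) for a .onion name."""
    flags = struct.unpack("!H", packet[2:4])[0]
    if flags & 0x8000:  # QR set: this is a response, not a query
        return False
    return parse_qname(packet).lower().endswith(".onion")

def find_onion_leaks(packets):
    """Return the .onion names found among captured DNS query packets."""
    return [parse_qname(p) for p in packets if is_onion_leak(p)]

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Construct a standard A-record query for `name` (constructed test input only)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

if __name__ == "__main__":
    # Constructed capture: one ordinary lookup and one leaked .onion lookup.
    capture = [build_query("www.example.com"), build_query("abcdefghijklmnop.onion")]
    for leaked in find_onion_leaks(capture):
        print("LEAK: .onion name sent to a DNS resolver:", leaked)
```

To run it against a real capture, feed it the UDP payloads of port-53 packets extracted from a pcap; any hit indicates Tor-mode traffic escaping to the system resolver.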
Kettle tweeted about the bug and included a screenshot as evidence. It read:
I just confirmed that Brave browser's Tor mode leaks all the .onion addresses to your DNS provider.
Fixed vulnerability – Upgrade your browser
A Brave browser developer who uses the Twitter handle @bcrypt said that a hotfix would be issued for the problem, which had been reported on Brave's GitHub page 18 days earlier.
The developer revealed that the problem was caused by the browser's CNAME-decloaking ad-blocking feature, which blocks third-party tracking scripts that use CNAME DNS records to pose as first-party scripts.
1. This was reported already on HackerOne. It was quickly fixed in Nightly. (Upgrade to Nightly if desired.)
2. Since it is now publicly available, we are promoting the fix as a stable hotfix.
Root cause is a regression from CNAME-based adblocking which used a separate DNS query https://t.co/dLjeu4AXtP
— yan (@bcrypt) February 19, 2021
That option is not available in Tor browser mode. The developer noted that the issue had been fixed in the latest development build of the browser.
The developer wrote on Twitter that "since it's now public we're elevating the fix to be a stable hotfix."