“Users of this Tor feature in Brave expected to have the websites they visit hidden to their ISPs, schools and employers, but that domain information (DNS traffic) was instead revealed. “An update to adblocking in Brave browser introduced a vulnerability that exposed users of the browser’s most private feature – Tor windows and tabs,” said O’Brien.
onion domain requests observable but so were all domain requests in Tor tabs, meaning that when a website loaded content from YouTube, Google or Facebook, all of those requests could be observable, even if the content itself was not. The leaks had been ongoing for months before Brave became aware of them, said Sean O’Brien, principal researcher at ExpressVPN Digital Security Lab, who conducted further research into the vulnerability and shared it exclusively with CoinDesk. Following this, Brave confirmed that they were aware of the issue, and pushed a security patch to the browser Friday evening.
The findings were quickly confirmed by security researchers on Twitter.
“He mentioned noting it while observing his outbound DNS traffic on his local network.” “It was discovered by my partner on my startup, as we’re working on an ad and ‘BS’ blocking VPN service (as well as other things, as shown on the site),” said py4YQFdYkKhBK690mZql in a direct message to CoinDesk.
0 kommentar(er)
