Brave Web Browser 1.20.108 Is Released With Fix For Major Security Flaw In Private Tor Windows

From LinuxReviews

Several recent versions of the Brave Web Browser have had a very unfortunate DNS-leak flaw in the "private" Tor-based browsing feature. The latest version, 1.20.108, has a new version of the Chromium core it is based on (88.0.4324.182), a fix for DNS leaks in supposedly "private" web browser windows and two fixes specific to macOS. You should upgrade if you rely on Brave for "private" web browsing or use it to access Tor onion sites.

written by 윤채경 (Yoon Chae-kyung)  2021-02-23 - last edited 2021-02-23. © CC BY

A private web browser window in the Brave Web Browser.

The "Private Window with Tor" feature in the Brave Web Browser advertises that:

"With Tor, your browsing is also hidden from your ISP or employer, and your IP address is hidden from the sites you visit."

The Brave Web Browser

One major problem with that story is that several recent versions of the Brave Web Browser did not, in fact, hide what sites you visited "from your ISP or employer". They would, additionally, report DNS queries to Google via its DNS servers 8.8.8.8 and 8.8.4.4.

Rambler over at ramble.pw reported that previous versions of Brave would even send queries for location-hidden onion sites on the Tor network to your regular system-configured DNS provider:

"This is especially worrisome for those of you who use Brave browser from your normal residential IP and (for whatever reason) use the Tor feature built into the browser to access Tor sites. Your ISP or DNS provider will know that a request made to a specific Tor site was made by your IP. With Brave, your ISP would know that you accessed somesketchyonionsite.onion."

You should upgrade and ensure that you are using version 1.20.108 or newer if you occasionally use the Brave Web Browser to access Tor onion sites or rely on its "private" Tor-browsing mode for anything even remotely critical. You can acquire the latest version from brave.com.
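
One way to check a resolver you operate for the leak described above, as an added example that is not from the original article or from Brave. It scans dnsmasq query logs (the `log-queries` line format) for `.onion` names, which should never reach a DNS resolver when Tor handles name resolution; the function names are this example's own and the log lines are constructed.

```python
import re
from collections import defaultdict

# dnsmasq "log-queries" line: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)


def is_onion(name):
    """True if the queried name is a host under the .onion special-use TLD."""
    labels = name.rstrip(".").lower().split(".")
    # Only the rightmost label counts: "onion.example.org" is ordinary DNS.
    return len(labels) >= 2 and labels[-1] == "onion"


def find_onion_leaks(log_lines):
    """Map client address -> {onion name: query count} for leaked lookups."""
    leaks = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and is_onion(m.group("name")):
            # Normalise case and the trailing root dot so repeats are grouped.
            name = m.group("name").rstrip(".").lower()
            leaks[m.group("client")][name] += 1
    return {client: dict(names) for client, names in leaks.items()}


# Constructed sample log lines (not captured from a real network).
SAMPLE_LOG = """\
Feb 23 10:15:01 dnsmasq[812]: query[A] brave.com from 192.168.1.20
Feb 23 10:15:04 dnsmasq[812]: query[A] somesketchyonionsite.onion from 192.168.1.20
Feb 23 10:15:04 dnsmasq[812]: query[AAAA] SomeSketchyOnionSite.onion. from 192.168.1.20
Feb 23 10:15:09 dnsmasq[812]: forwarded somesketchyonionsite.onion to 8.8.8.8
Feb 23 10:16:30 dnsmasq[812]: query[A] onion.example.org from 192.168.1.31
Feb 23 10:17:02 dnsmasq[812]: query[A] exampleonionname.onion from 192.168.1.31
""".splitlines()

if __name__ == "__main__":
    for client, names in sorted(find_onion_leaks(SAMPLE_LOG).items()):
        for name, count in sorted(names.items()):
            print(f"{client} leaked {count} lookup(s) for {name}")
```

Any hit means a client asked the regular resolver for an onion name, so the resolver operator and anything upstream of it could see which onion site was requested.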
