Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users.

A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.

The Tor mode implemented in the Brave web browser allows users to access .onion sites inside Brave private browsing windows.

When users are inside a Private Window with Tor, Brave doesn’t connect directly to a website, instead, it connects to a chain of three different computers in the Tor network.

An anonymous researcher initially reported that the Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers, other experts confirmed his findings.

“If you’re using Brave you probably use it because you expect a certain level of privacy/anonymity. Piping .onion requests through DNS where your ISP or DNS provider can see that you made a request for an .onion site defeats that purpose.” explained the researcher. “Anyhow, it was reported by a partner that Brave was leaking DNS requests for onion sites and I was able to confirm it at the time.”

Every query is saved in logs of the DNS server for the Tor traffic of Brave web browser users.

The Brave development team shortly after the public disclosure of the bug addressed it in The Brave Nightly version and it will be released to the stable version with the next Brave browser update.

According to the development team, the privacy bug resides in the internal ad blocker component of the Brave web browser. The component was using DNS queries to determine if a site was attempting to bypass the ad-blocking features, but the problem is that it performed the same checks for .onion addresses.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Brave web Browser)

[adrotate banner=”5″]

[adrotate banner=”13″]