Brave browser leaks Tor addresses to DNS providers

Brave’s confidential browser has leaked confidential information from the Tor network to DNS providers. This is not a new or Brave specific bug, the developers are working hard to fix it.

The Chromium-based Brave browser integrated with Tor Anonymous has leaked sensitive .onion addresses to domain name system providers. Tor hides user browsing activity by redirecting traffic through a global relay network. This makes it nearly impossible to track the user’s web search history.

But due to a bug discovered in the beta, and which the developers plan to fix soon with a patch release, this sensitive information has been leaked to DNS providers. This meant that Internet companies could track their users’ Tor activity.

The error stems from the fact that Brave, which integrated Tor in 2018, is based on Chromium. It uses the same architecture as Firefox and Google Chrome. This issue has been present in Chromium-based browsers for over a decade and was discovered in Brave back in 2019.

The bug in Brave became known on January 21 after the release of the Hacker One report. The bug was fixed and then the Nightly version was added two weeks ago. Nightly is the developer version of Brave that gets updated every day. However, since the bug this week got a lot of attention on Reddit and Twitter, Brave developers have accelerated development of the patch for the main version of the browser.

Brave previously stated that the browser’s privacy level is not the same as Tor.

“Brave with Tor does not offer the same level of privacy as the Tor browser. If it is vital for you to remain anonymous, use the Tor browser, “- wrote Brave VP of IT Ryan Watson two years ago on Reddit. “The Tor community is also the first to know about security issues, so they patch Tor first and then move on to other applications.”

Recall that last month the Brave developers added support for IPFS addresses to the browser.