Brave browser acts quickly to resolve Tor session confidentiality bug

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Feature did not sufficiently anonymize private browsing sessions

Developers at alternative privacy-focused browser Brave have been praised for quickly resolving a potentially troublesome privacy flaw.

Security researcher sick.codes found that the Brave private window (incognito) feature with Tor does not sufficiently anonymize users visiting Brave’s partner websites such as Binance and Coinbase.

On further digging, the same researcher discovered that Brave generated a folder during Tor sessions that it failed to delete at the end of private browsing sessions.

“After the user ends the Tor session, the data is not cleared and users should be aware that the Tor feature of Brave browser is not secure as intended and the browser can leak, or send usage statistics, of critical information to their partner websites that could be used by an attacker to triangulate a user,” the security researcher warned in an email to Brave.

Brave developer Yan Zhu responded promptly to the warning by developing a fix, which has been incorporated into the pre-mainstream release (nightly) version of the browser.

Brave 1.18.27 and below are affected.

The mainstream version is yet to be patched to resolve the security flaw.
Read the full article here at PortSwigger:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top