70% of VPN Chrome Extensions Leak Your DNS

Status
Not open for further replies.
H

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,026
70% of VPN Chrome Extensions Leak Your DNS
Last updated: April 2, 2018

John Mason
We tested 15 VPNs and 10 of them were causing DNS leaks through their Chrome browser extensions. This research was put together with the help of TheBestVPN.com & File Descriptor – ethical hacker from Cure53.

Intro

Google Chrome has a feature called DNS Prefetching(DNS Prefetching - The Chromium Projects) which is an attempt to resolve domain names before a user tries to follow a link.

It’s a solution to reduce latency delays of DNS resolution time by predicting what websites a user will mostly likely visit next by pre-resolving the domains of those websites.

The Problem

When using a VPN browser extensions, Chrome provides two modes to configure the proxy connections, fixed_servers and pac_script.

In fixed_servers mode, an extension specifies the host of a HTTPS/SOCKS proxy server and later all connections will then go through the proxy server.
In pac_script mode on the other hand, an extension provides a PAC script which allows dynamically changing the HTTPS/SOCKS proxy server’s host by various conditions. For example, an VPN extension can use a PAC script that determines if a user is visiting Netflix by having a rule that compares the URL and assigns a proxy server that is optimized for streaming. The highly dynamic nature of PAC scripts means the majority of VPN extensions use the mode pac_script over fixed_servers.
Now, the issue is that DNS Prefetching continues to function when pac_scriptmode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.
There are 3 scenarios that trigger DNS Prefetching:
  • Manual Prefetch
  • DNS Prefetch Control
  • Omnibox
The first two allow a malicious adversary to use a specifically crafted web page to force visitors to leak DNS requests. The last one means when a user is typing something in the URL address bar (i.e. the Omnibox), the suggested URLs made by Chrome will be DNS prefetched. This allows ISPs to use a technology called “Transparent DNS proxy” to collect websites the user frequently visits even when using browser VPN extension.

Test Your VPN For DNS Leaks

To test if your VPN is vulnerable, do the following test:
  1. Activate the Chrome plugin of your VPN
  2. Go to chrome://net-internals/#dns
  3. Click on “clear host cache”
  4. Go to any website to confirm this vulnerability

If you find a VPN that is not listed, but leaks – please send us a screenshot (john@thebestvpn.com) and we’ll update the list.

Affected VPNs That We’ve Tested (2nd of April):
  1. Hola VPN
  2. OperaVPN
  3. TunnelBear
  4. HotSpot Shield
  5. Betternet
  6. PureVPN
  7. VPN Unlimited
  8. ZenMate VPN
  9. Ivacy VPN
  10. DotVPN
Example of PureVPN leak

VPNs That Don’t Leak
  1. WindScribe
  2. NordVPN
  3. CyberGhost
  4. Private Internet Access
  5. Avira Phantom VPN
Example: NordVPN doesn’t leak

Solution/Fix

Users who want to protect themselves should follow the remediation:
  • 1. Navigate to chrome://settings/ in the address bar
  • 2. Type “predict” in “Search settings”
  • 3. Disable the option “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly”
dns-leak-fix-1024x605.png


70% of VPN Chrome Extensions Leak Your DNS | TheBestVPN.com
 
Last edited:
  • Like
Reactions: mehdi.n, Sunshine-boy, Paul.R and 7 others
Draygoes

Draygoes

Level 1
Verified
Mar 29, 2018
19
See, I was wondering about this but did not have the time to test it.
Thank you for confirming my suspicions.
 
  • Like
Reactions: Jake Miguel
Jake Miguel

Jake Miguel

Level 3
Verified
Well-known
Nov 14, 2016
134
That's about right. Sorry for reviving this thread. But I am currently looking into chrome extensions that are not leaking DNS and found out many websites like thebestvpn and review giants VPNRanks have already covered it.

I have tested a few vpns that I have with me.. and surprisingly on a handful were successful. Nord, IPVanish and Buffered didn't leak any DNS. However, one mentioned above "Avira" leaked.
 
  • Like
Reactions: Andy Ful and upnorth
LDogg

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Informative post. Good to know that Windscrive during the test didn't leak anything.

~LDogg
 
F

ForgottenSeer 58943

PIA and Windscribe, both don't leak and I use both. Magical. Of course I test these things before hand for myself just to be sure. :)
 
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Security News ExpressVPN bug has been leaking some DNS requests for years
Replies
0
Views
865
Security News
Gandalf_The_Grey
Gandalf_The_Grey
n8chavez
    • Like
Question VPN DNS Filtering
Replies
29
Views
1,721
VPN and DNS
n8chavez
n8chavez
oldschool
    • Like
    • Hundred Points
    • Applause
Hot Take Chrome Extensions: eyeo's journey to testing service worker suspension
Replies
1
Views
279
Web Extensions
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top