New Update Brave is getting Container support and the feature has made a big jump recently

Thanks for the heads up...it looks promising :)

Screenshot 2026-06-08 121832.png
 
I have the containers in the settings, but how do get the popup to choose? When I open a bookmark in a container it is not remembered :unsure::unsure:
This is what Google AI said, as when I created a MT's link into a Personal container, it didn't open in that container when I went to this site from a different tab, I had to right-click the tab and "open in" the Personal container (which has a blue Personal icon, image below):

Currently, Brave does not automatically open specific websites in specific containers (often called auto-container rules). Brave's native container feature requires you to manually right-click an existing tab and select "Open in container". The reason the site is not logging in is that each container creates an isolated session. Your login cookies, which authenticate you on that website, are sitting in your default/main browsing session, not inside the new container tab.

And this was posted in this link, and I'm not sure I'm understating it correctly, as was posted above in Google AI's response?
Parts that are still Work-in-Progress (WIP):

Opening a container isn't as straightforward as it could be. To open a container, you must first have the website you want opened in a non-container tab, then you will right click that tab, then will you have the option to open the tab in a container. Different to Firefox where you can right click or press and hold the New Tab button and your container list would appear.

Screenshot 2026-06-08 130618.png
 
Last edited:
At least F-Secure's banking protection was in full force in a Container I used for my banking site, with the green frame (it's always been compatible with Brave/Chromium) and the notice if I try opening another tab besides the banking site I was on. But, until this new addition is no longer in the "experimental" phase, I'll continue to use my Chrome Profile where I'm not logged into anything, even Google, for my banking etc. sites.

Screenshot 2026-06-08 132053.png
 
Thanks for the heads-up about the Containers flag! It's a great step for those of us looking for Firefox-style isolation without having to resort to multiple Chromium profiles.

Now that Enable Containers is available in the flags, I've been checking brave://flags to see what other options could complement it in terms of security. I'm thinking of combining it with these three:

  • Strict-Origin-Isolation: Reinforces process isolation by origin, adding hardware-level security.
  • Anonymize local IPs exposed by WebRTC: Prevents local IP leaks via mDNS, useful for hiding network topology.
  • Block scripts loaded via document.write: Blocks old and heavy scripts, although it might break legacy sites (government portals or payment gateways that still rely on this technique).
Do you think activating the first two alongside Containers is a balanced approach for daily use? And how is the compatibility when blocking document.write in practice?

I'd love to know what you think! 🛡❓🦁
 
Do you think activating the first two alongside Containers is a balanced approach for daily use?
The first should be fine. I always enable this in Chromium browsers. I'm not sure as to the second. I know that one doesn't hide IP adresses.
how is the compatibility when blocking document.write in practice?
I enable it same as the first one.
 
Thanks for replying, @oldschool! I enabled those flags and, so far, I haven't run into any issues on the sites I visit daily.

I was doing a bit of digging regarding that WebRTC flag and you're absolutely right: it doesn't hide the public IP. What it does is replace internal network addresses (like 192.168.x.x) with temporary mDNS identifiers so the LAN topology isn't leaked. The external IP is still exposed if the protocol requires it. Just wanted to share the info here in case anyone else was curious about how it exactly works. 🌐🛡️
 
Thanks for the heads-up about the Containers flag! It's a great step for those of us looking for Firefox-style isolation without having to resort to multiple Chromium profiles.

Now that Enable Containers is available in the flags, I've been checking brave://flags to see what other options could complement it in terms of security. I'm thinking of combining it with these three:

  • Strict-Origin-Isolation: Reinforces process isolation by origin, adding hardware-level security.
  • Anonymize local IPs exposed by WebRTC: Prevents local IP leaks via mDNS, useful for hiding network topology.
  • Block scripts loaded via document.write: Blocks old and heavy scripts, although it might break legacy sites (government portals or payment gateways that still rely on this technique).
Do you think activating the first two alongside Containers is a balanced approach for daily use? And how is the compatibility when blocking document.write in practice?

I'd love to know what you think! 🛡❓🦁

To remove the public IP exposed by WebRTC, you need to use a rule in uBo or the AG browser extension.
As for uBoL, I’m not sure if the script required for removal still works, since I haven’t tested it in a while.
 
To remove the public IP exposed by WebRTC, you need to use a rule in uBo or the AG browser extension.
As for uBoL, I’m not sure if the script required for removal still works, since I haven’t tested it in a while.
Thanks for the info, @Sampei.Nihira . I was looking into WebRTC IP leaks in Brave and came across something that seems related.

In uBlock Origin, there are global rules like *$webrtc, but from what I've read they can be quite aggressive and may break video calling sites.

A more balanced option in Brave might be going to Settings → Privacy and security → "WebRTC IP handling policy" and setting it to "Disable non-proxied UDP". If I understand it correctly, this helps prevent WebRTC from bypassing a VPN connection, while Brave already hides local IP addresses through mDNS.

Up until now, I was using the WebRTC Protect extension, but it looks like Brave's native setting may provide similar protection. I'm still learning about this topic, though.

Which method do you use to check for WebRTC leaks or protect against them? I'd appreciate any advice. 🛡️🤔
 
@Halp2001 I also picked up below flags posted by various members
View attachment 298025

Enable below flags only when you have sufficient memory (e,g 16 GB RAM+)
View attachment 298026
Thanks for sharing these suggestions, LinuxFan58! I'm currently going through Brave's flags and your list came at the perfect time.

I've been reading about options like Strict-Origin-Isolation and PartitionAlloc with Advanced Checks, and I'm still trying to understand the balance between extra security and resource usage in everyday browsing.

I'm fairly new to tweaking these settings, so posts like yours are really helpful for figuring out which flags are worth enabling and which ones are better left alone. If you have any recommendations regarding WebRTC-related flags, input protection, or other security-focused settings, I'd be interested to hear your thoughts.

Thanks again for sharing your experience! 🛡️🙂
 
Thanks for the info, @Sampei.Nihira . I was looking into WebRTC IP leaks in Brave and came across something that seems related.

In uBlock Origin, there are global rules like *$webrtc, but from what I've read they can be quite aggressive and may break video calling sites.

A more balanced option in Brave might be going to Settings → Privacy and security → "WebRTC IP handling policy" and setting it to "Disable non-proxied UDP". If I understand it correctly, this helps prevent WebRTC from bypassing a VPN connection, while Brave already hides local IP addresses through mDNS.

Up until now, I was using the WebRTC Protect extension, but it looks like Brave's native setting may provide similar protection. I'm still learning about this topic, though.

Which method do you use to check for WebRTC leaks or protect against them? I'd appreciate any advice. 🛡️🤔

With Firefox + uBo, I use the setting change; in this case, no exceptions are needed.

With Chrome + AG, I could just use the AG setting, but I also use a scriptlet; in this case, I’ve pre-configured 6 exceptions for certain websites that might malfunction.

With Chrome + uBo, these 6 websites definitely malfunctioned.
With Chrome + AG, I haven’t had time to check yet.
 
I also picked up below flags posted by various members
Also interesting flag settings to harden and privatize Brave.
enable:
Enable CNAME uncloaking
Enable cosmetic filtering
Enable support for CSP rules
Enable dark mode blocking fingerprint protection
Enable domain blocking using First Party Ephemeral Storage
Enable debouncing
Enable De-AMP
Enable sync loading of cosmetic filter rules
Enable Ephemeral Storage
Enable First Party Storage Cleanup support
Block screen fingerprinting
Show Strict Fingerprinting Mode

disable:
Enable navigator.connection attribute
 

You may also like...