Update How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty

Correlate

Recently, I discovered a small but potentially devastating vulnerability in the new Tor feature of the Brave browser.

As of November 2nd 2020, Brave monthly users have massively increased their browser market share to 20 Million Monthly Active Users + 7 Million Daily Active Users.

Brave is a unique browser, created by Brendan Eich, who is also the inventor/creator of JavaScript. He is also the former CEO of the Firefox browser’s parent company, Mozilla.

Brave is based on Chromium, which is the Open Source version of the well known Chrome browser. Being an Open Source project, this allows any developer, anywhere, the ability to inspect the source code of the project. You can inspect the code yourself here: brave/brave-core

In 2018 Brave added the ability to integrate Tor sessions into their Incognito mode. Essentially, it is Private Window browsing inside Chrome, with an added Tor network traffic routing circuit, for a whole range of added privacy bonuses: Brave Introduces Beta of Private Tabs with Tor for Enhanced Privacy while Browsing | Brave Browser
How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day - Research Hub - disclose.io
 

dinosaur07

Funny thing.
Kaspersky doesn't let me see the page.