- May 4, 2019
How I found a Tor vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276) and a small bounty, all in one working day - Research Hub - disclose.io

Recently, I discovered a small but potentially devastating vulnerability in the new Tor feature of the Brave browser.
As of November 2nd 2020, Brave's monthly users have massively increased, bringing its browser market share to 20 million monthly active users and 7 million daily active users.
Brave is based on Chromium, which is the open source version of the well-known Chrome browser. Because it is an open source project, any developer, anywhere, can inspect the project's source code. You can inspect the code yourself here: brave/brave-core
In 2018 Brave added the ability to integrate Tor sessions into their Incognito mode. Essentially, it is Private Window browsing inside Chrome, with an added Tor network traffic routing circuit, for a whole range of added privacy bonuses: Brave Introduces Beta of Private Tabs with Tor for Enhanced Privacy while Browsing | Brave Browser