Leaking IPs in Brave Tor Window & Chrome VPNs + Popunders + CSP Bypass (fixed)

Fortunately, an upstream fix was submitted by Brave’s security team, which led to both of these Web APIs being fixed in Chromium relatively quickly. (#6249551 & #6269498)

There is one more way through which I was able to achieve the same impact (leaking the user’s real IP address to a remote host behind Chrome VPN extensions/Brave’s Tor window) which is unrelated to the BackgroundFetch/WebAuthn APIs. However, that issue has yet to be fully resolved by all affected vendors, so sadly, I am not allowed to disclose it for now.

Not surprised at seeing bugs like this. Brave with Tor never made much sense to me in the first place.

I can’t think of a reason for using it, but of course anyone can enlighten me on why :laughing:

5 Likes

Additionally, Chromium has security advantages over Gecko

1 Like