-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[hackerone] #492048 - .onion domains leaks #3249
Labels
feature/tor/leakproofing
Eliminating unexpected ways that someone using Tor might be unmasked.
OS/Windows
priority/P2
A bad problem. We might uplift this to the next planned release.
QA Pass-Win64
QA/Yes
release-notes/include
security
Milestone
Comments
diracdeltas
added
feature/tor/leakproofing
Eliminating unexpected ways that someone using Tor might be unmasked.
priority/P2
A bad problem. We might uplift this to the next planned release.
OS/Windows
labels
Feb 6, 2019
18 tasks
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 6, 2019
Quick fix brave/brave-browser#3249; can revert once https://bugs.chromium.org/p/chromium/issues/detail?id=929141 is fixed. Test plan (windows only) 1. Go to a non-existent site like dklfjdkafjdkafj.com 2. You should not see a button that says 'Running Windows Network Diagnostics'
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 7, 2019
These probes should already be disabled by default because kAlternateErrorPagesEnabled is false by default in Brave. This patch makes it impossible to enable these probes, since they could cause Tor leaks. partial fix brave/brave-browser#3249
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 7, 2019
Cherry-pick of https://chromium.googlesource.com/chromium/src.git/+/e005fff9c838a13ff1402b01617adca691187a6b. Needed for brave/brave-browser#3249. Please revert this commit when Brave's chromium src is rebased to include e005fff9c838a13ff1402b01617adca691187a6b.
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 7, 2019
Needed for brave/brave-browser#3249 prefs::kAlternateErrorPagesEnabled defaults to false in brave, so this should be disabled by default already. This patch disables the error page DNS probe regardless of prefs because it could potentially cause leaks in Tor windows.
18 tasks
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 14, 2019
Cherry-pick of https://chromium.googlesource.com/chromium/src.git/+/e005fff9c838a13ff1402b01617adca691187a6b. Needed for brave/brave-browser#3249. deleted the browsertest part of this patch as requested by brianj Please revert this commit when Brave's chromium src is rebased to include e005fff9c838a13ff1402b01617adca691187a6b. (Expected to be in C74)
diracdeltas
added a commit
to brave/brave-core
that referenced
this issue
Feb 14, 2019
Needed for brave/brave-browser#3249 prefs::kAlternateErrorPagesEnabled defaults to false in brave, so this should be disabled by default already. This patch disables the error page DNS probe regardless of prefs because it could potentially cause leaks in Tor windows.
18 tasks
Verification passed on
Used test plan from brave/brave-core#1605 Guest Window |
This was referenced Feb 19, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
feature/tor/leakproofing
Eliminating unexpected ways that someone using Tor might be unmasked.
OS/Windows
priority/P2
A bad problem. We might uplift this to the next planned release.
QA Pass-Win64
QA/Yes
release-notes/include
security
https://hackerone.com/bugs?report_id=492048
Test Plan (windows only):
The text was updated successfully, but these errors were encountered: