Back to search
CVE-2022-30334
Published: May 7, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://hackerone.com/reports/1337624
x_refsource_MISC
https://github.com/brave/brave-core/pull/10760
x_refsource_MISC
https://github.com/brave/brave-browser/issues/18071
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now