Monday, November 25, 2024
HomeSecurity News70% Of Chrome VPN Extensions Leak Your DNS Requests

70% Of Chrome VPN Extensions Leak Your DNS Requests

Published on

Popular chrome VPN Extensions leak customers DNS requests that made through Google Chrome DNS Prefetching feature which use to resolve the domains names before the user follows the link.

DNS Prefetching is to reduce the latency delays that improves the website leading speed in chrome by pre-resolving the domains of those websites.

For VPN browser extensions chrome provides the proxy connection in two modes fixed_servers and pac_script. With fixed_servers it specifies the SOCKS proxy server and all the connections will be routed through the same proxy server.

- Advertisement - SIEM as a Service

pac_script is the dynamically changing one under various conditions and a majority of the VPN provides using the majority of VPN extensions use the mode pac_script.

John Mason from best VPN says Now, the issue is that DNS Prefetching continues to function when the pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.

He conducted the survey against 15 VPN and 10 VPNs are vulnerable to the data leak.

VPN Extensions Leak DNS Requests

Hola VPN
OpenVPN
TunnelBear
HotSpot Shield
Betterment
PureVPN
VPN Unlimited
ZenMate VPN
Ivacy VPN
DotVPN

VPN Extensions Not Affected

WindScribe
NordVPN
CyberGhost
Private Internet Access
Avira Phantom VPN

How to test you VPN Extensions Leak DNS Requests

To test the VPN leaks the DNS request

Activate the Chrome plugin of your VPN
Go to chrome://net-internals/#dns
Click on “clear host cache”
Go to any website to confirm this vulnerability

How to Mitigate VPN Extensions Leak DNS Requests

John Mason provided mitigations for Users who want to protect themselves.

1. Navigate to chrome://settings/ in the address bar
2. Type “predict” in “Search settings”
3. Disable the option “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly”

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...