Wednesday, June 19, 2024

70% Of Chrome VPN Extensions Leak Your DNS Requests

Popular chrome VPN Extensions leak customers DNS requests that made through Google Chrome DNS Prefetching feature which use to resolve the domains names before the user follows the link.

DNS Prefetching is to reduce the latency delays that improves the website leading speed in chrome by pre-resolving the domains of those websites.

For VPN browser extensions chrome provides the proxy connection in two modes fixed_servers and pac_script. With fixed_servers it specifies the SOCKS proxy server and all the connections will be routed through the same proxy server.

pac_script is the dynamically changing one under various conditions and a majority of the VPN provides using the majority of VPN extensions use the mode pac_script.

John Mason from best VPN says Now, the issue is that DNS Prefetching continues to function when the pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.

He conducted the survey against 15 VPN and 10 VPNs are vulnerable to the data leak.

VPN Extensions Leak DNS Requests

Hola VPN
HotSpot Shield
VPN Unlimited
ZenMate VPN
Ivacy VPN

VPN Extensions Not Affected

Private Internet Access
Avira Phantom VPN

How to test you VPN Extensions Leak DNS Requests

To test the VPN leaks the DNS request

Activate the Chrome plugin of your VPN
Go to chrome://net-internals/#dns
Click on “clear host cache”
Go to any website to confirm this vulnerability

How to Mitigate VPN Extensions Leak DNS Requests

John Mason provided mitigations for Users who want to protect themselves.

1. Navigate to chrome://settings/ in the address bar
2. Type “predict” in “Search settings”
3. Disable the option “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly”


Latest articles

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...

Chrome Security Update – Patch for 6 Vulnerabilities

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115...

Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group,...

Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering "free" mobile data access on Telegram channels by exploiting loopholes in...

New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication

Several phishing campaign kits have been used widely by threat actors in the past....

Stuxnet, The Malware That Propagates To Air-Gapped Networks

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA)...

Threat Actors Claiming Breach of AMD Source Code on Hacking Forums

A threat actor named " IntelBroker " claims to have breached AMD in June...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles