Popular chrome VPN Extensions leak customers DNS requests that made through Google Chrome DNS Prefetching feature which use to resolve the domains names before the user follows the link.
DNS Prefetching is to reduce the latency delays that improves the website leading speed in chrome by pre-resolving the domains of those websites.
For VPN browser extensions chrome provides the proxy connection in two modes fixed_servers and pac_script. With fixed_servers it specifies the SOCKS proxy server and all the connections will be routed through the same proxy server.
pac_script is the dynamically changing one under various conditions and a majority of the VPN provides using the majority of VPN extensions use the mode pac_script.
John Mason from best VPN says Now, the issue is that DNS Prefetching continues to function when the pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.
He conducted the survey against 15 VPN and 10 VPNs are vulnerable to the data leak.
Hola VPN
OpenVPN
TunnelBear
HotSpot Shield
Betterment
PureVPN
VPN Unlimited
ZenMate VPN
Ivacy VPN
DotVPN
WindScribe
NordVPN
CyberGhost
Private Internet Access
Avira Phantom VPN
To test the VPN leaks the DNS request
Activate the Chrome plugin of your VPN
Go to chrome://net-internals/#dns
Click on “clear host cache”
Go to any website to confirm this vulnerability
John Mason provided mitigations for Users who want to protect themselves.
1. Navigate to chrome://settings/ in the address bar
2. Type “predict” in “Search settings”
3. Disable the option “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly”
Microsoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across…
In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit mobile…
A recently disclosed SQL injection vulnerability in older versions of the Shopware platform has raised…
A recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and…
Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as…
Vidar Stealer a notorious information-stealing malware has adopted a deceptive method to disguise itself as…