Wednesday, April 30, 2025
HomeSecurity ToolsTor Browser 10.0.18 Released - Fixed The Flaw That Let Websites...

Tor Browser 10.0.18 Released – Fixed The Flaw That Let Websites Tracking Users

Published on

SIEM as a Service

Follow Us on Google News

Tor is one of the biggest open-source software, its networks have virtual tunnels that generally enable people and different groups to enhance their privacy and security on the Internet.

Recently Tor has released its Tor Browser 10.0.18, and the main motive of this release is to fix all the countless bugs, which also include a vulnerability that enables different websites to keep track of their users by fingerprinting the installed application.

We all know that Tor administers Internet traffic with the help of an overlay network that is free worldwide.

- Advertisement - Google News

But, this network consists of nearly seven thousand relays, that help in concealing a user’s location as well as usage from people who are conducting network surveillance or traffic examination.

Scheme Flooding vulnerability

Scheme flooding is a vulnerability, that uses different custom URL schemes as an attack vector. According to the experts, this vulnerability generally enables the actors to identify that which applications have been installed by the users.

Once the experts identified the application successfully, then they use all the data and information of the installed app on the user’s computer. 

And the main motive of doing this is that they want to assign a permanent unique identifier in the user’s computer so that they can use the system even if the users switch browsers just by using incognito mode or a VPN.

Not only this but scheme flooding also allows third-party tracking in a different browser. However, this exploit generally helps the hackers to track down the usage of users’ browsers like Google Chrome, Safari, even the Tor browser as well.

Thorough Changelog

The experts have mentioned a full changelog for Tor 10.0.18, which is given below:-

All Platforms

  • Update Tor to 0.4.5.9

Android

  • Update Fenix to 89.1.1
  • Update NoScript to 11.2.8
  • Bug 40055: Rebase android-components patches on 75.0.22 for Fenix 89
  • Bug 40165: Announce v2 onion service deprecation on about:tor
  • Bug 40166: Hide “Normal” tab (again) and Sync tab in TabTray
  • Bug 40167: Hide “Save to Collection” in menu
  • Bug 40169: Rebase fenix patches to fenix v89.1.1
  • Bug 40170: Error building tor-browser-89.1.1-10.5-1
  • Bug 40432: Prevent probing installed applications
  • Bug 40470: Rebase 10.0 patches onto 89.0

Build System

  • Android
    • Bug 40290: Update components for mozilla89-based Fenix

According to the security researchers, as well as Tor, this new version updates Tor to 0.4.5.9, and it consists of all the important security fixes. 

While this new release also updates Firefox to 89.1.1, and NoScript to 11.2.8 and all this new version includes the important security updates to Firefox for Android.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell...

Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest...

7 Best Third-Party Risk Management Software in 2025

Whether you operate a small business or run a large enterprise, you rely on...

Satellite Weather Software Vulnerabilities Let Attackers Execute Code Remotely

IBL Software Engineering has disclosed a significant security vulnerability, identified as CVE-2025-1077, affecting its...