VPN extensions for Google Chrome leaked DNS addresses of users

BadB

BadB

Professional
Messages
2,490
Reaction score
2,544
Points
113
f8ee5cc2b026a4efd77f2.png


Recent reports from many cybersecurity companies indicate that many VPN browser extensions are leaking users' DNS addresses. Chrome extensions are leaking DNS prefetching when Chrome makes queries before you click on a link.

Study​

White hacker and file descriptor John Mason conducted a study in which he tested 15 VPN extensions. The results were disappointing, as 10 out of 15 extensions were found to be leaking DNS addresses. The implication of this vulnerability is that Chrome does not hide its requests going through its own DNS prefetch system.

How does this happen?​

On his blog, John Mason explained how Chrome leaks its users' DNS to third parties. Chrome reduces website traffic by using a DNS prefetching tool that predicts the site that the user is going to visit next.

Chrome has two options for setting up proxy connections after installing the VPN extension. These include: fixed servers and "PAC script" modes.

Note Pavluu: PAC - automatic configuration of proxy servers.

The most widely used VPN extensions are Script PAC and they allow the proxy host to be changed since DNS prefetching continues to function when using this mode.

Chrome does not support DNS over SOCKS, and DNS proxy requests are not supported by HTTPS proxy. This scenario means that all predefined DNS requests should go through the system automatically.

Which VPN extensions to use and which not?​


1) The following extensions can leak DNS addresses:
  • DotVPN
  • Hola VPN
  • Betterment
  • Ivacy VPN
  • OperaVPN
  • ZenMate VPN
  • VPN Unlimite

2) Leaked, but fixed vulnerabilities:
  • PureVPN,
  • TunnelBear
  • HotSpot Shield.
3) Prevent leaking DNS addresses:
  • Avira Phantom VPN
  • Windscribe
  • NordVPN
  • Private Internet Access
  • CyberGhost

How to reset DNS cache in Chrome?​

1) Enter in the address bar of the browser chrome://net-internals/#dnsand click the Clear host cache button.

2) Then also in the address bar of your browser enter

chrome://net-internals/#sockets and click the Flush socket pools button.

And reset the DNS cache in the Windows operating system itself (entered in the Win + R command line, write cmd):
Code: 
ipconfig / flushdns

3) Or just install the browser extension Google Chrome DNS Flusher for Chrome, for the correct operation of which you need to launch the browser with the key --enable-benchmarking.

How do I check my VPN extension?​

1) Include your extension

2) Clean the cache according to the instructions above

3) Go to any site

4) See if this site has appeared in the cache

5) Profit!
 
You must log in or register to reply here.

Similar threads

chushpan
🧊 Malicious Chrome extensions can spoof password managers in new attack
Replies
0
Views
501
chushpan
chushpan
BadB
First-Party Sets and SameSite Cookies: How Google Combines Your Profiles Under One Umbrella
Replies
0
Views
66
BadB
BadB
BadB
TLS JA3 as Digital DNA: Why Your Browser Gives You Away Even with Perfect Canvas
Replies
0
Views
90
BadB
BadB
BadB
TLS Client Hello Fingerprinting: How JA3/JA3S Give Away Your RDP Before the First Click
Replies
0
Views
71
BadB
BadB
S
An overview of IP address masking methods in the context of carding
Replies
0
Views
648
Student
S
Back
Top