$500 Bounty: A Referer Leak in Brave’s Private Tor Window
Summary
Security researcher kkarfalcon has discovered that Brave Browser’s Private Window with Tor feature leaks referrer data, thereby posing a significant security threat to users who believe they are browsing anonymously.
Brave’s integration with the Tor network is supposed to withhold any identifying information during redirection; however, the bug exposes sensitive user information via the Referer header in some scenarios.
This could potentially reveal users’ identities and intentions through onion URLs, and it heavily impacts the browser’s strict privacy policies.
The issue has been acknowledged by Brave developers, who have contacted the researcher and are currently working on resolving the bug with a soon-to-be-released fix.