CVE-2021-21323 : Security Advisory and Response

Brave browser versions 1.17.73-1.20.103 had a CNAME adblocking feature issue allowing DNS leakage from Tor windows. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2021-21323

CVE-2021-21323 is a regression that caused DNS leakage from Tor windows in Brave browser versions 1.17.73-1.20.103.

What is CVE-2021-21323?

Brave browser versions 1.17.73-1.20.103 introduced a CNAME adblocking feature that unintentionally led to DNS requests bypassing the Brave Tor proxy. This resulted in the leakage of DNS requests from Tor windows to the user's DNS provider.

The Impact of CVE-2021-21323

The DNS leakage exposed sensitive information to an unauthorized actor: DNS requests made from Tor windows reached the user's DNS provider, compromising user privacy and security.

Technical Details of CVE-2021-21323

The vulnerability has a CVSS score of 4.3 (Medium severity), with a network attack vector, low attack complexity, no privileges required, and user interaction required. It had no impact on availability or integrity.

Vulnerability Description

Brave browser versions 1.17.73-1.20.103 inadvertently leaked DNS requests from Tor windows due to the CNAME adblocking feature.

Affected Systems and Versions

Users with Brave browser versions between 1.17.73 and 1.20.103 were impacted by this vulnerability.

Exploitation Mechanism

By enabling adblocking in Brave versions 1.17.73-1.20.103, users inadvertently exposed DNS requests from Tor windows to their DNS provider.

Mitigation and Prevention

To address CVE-2021-21323, users should apply the relevant patches and updates and adopt both immediate and long-term security measures.

Immediate Steps to Take

Users should update their Brave browser to version 1.20.108 or newer to mitigate the DNS leakage issue.
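For administrators checking more than one machine, the version bounds above can be applied to a software inventory. The following is an added example, not code from Brave or from this advisory; the inventory format, host names and status labels are assumptions, and versions between 1.20.103 and 1.20.108 are reported separately because the advisory does not list them as affected.

```python
import re

# Version bounds taken from the advisory text.
FIRST_AFFECTED = (1, 17, 73)
LAST_AFFECTED = (1, 20, 103)
FIRST_FIXED = (1, 20, 108)

# Exactly three dot-separated numbers, so a four-part Chromium
# version in the same string is not mistaken for the Brave version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_brave_version(text):
    """Return the first three-part version in text as an int tuple, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a status label (labels are hypothetical)."""
    version = parse_brave_version(text)
    if version is None:
        return "unparsed"             # needs a manual check
    if version < FIRST_AFFECTED:
        return "predates-regression"  # older than the CNAME adblocking change
    if version <= LAST_AFFECTED:
        return "affected"
    if version < FIRST_FIXED:
        return "below-fix"            # not listed as affected, but below 1.20.108
    return "fixed"


def hosts_needing_update(inventory):
    """Return sorted hosts whose Brave build is affected, below the fix, or unreadable."""
    flagged = {"affected", "below-fix", "unparsed"}
    return sorted(h for h, v in inventory.items() if classify(v) in flagged)


# Constructed sample inventory (host -> reported version string).
SAMPLE_INVENTORY = {
    "laptop-01": "Brave 1.20.103 Chromium: 88.0.4324.152",
    "laptop-02": "1.20.108",
    "laptop-03": "1.9.80",
    "laptop-04": "1.20.105",
    "laptop-05": "n/a",
}

if __name__ == "__main__":
    for host, reported in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}: {reported!r} -> {classify(reported)}")
```

Tuple comparison is numeric per component, so 1.9.80 sorts before 1.17.73, which a plain string comparison would get wrong.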

Long-Term Security Practices

Practice safe browsing habits, use VPNs, and regularly update software to prevent similar vulnerabilities.

Patching and Updates

Ensure that your Brave browser is regularly updated to the latest version to patch security vulnerabilities.
