Google Chrome Bug Exposes DNS Details

Developers have issued a warning about a serious bug in the latest iteration of Google Chrome that could give away the details of the web surfers attempting to browse the internet in anonymous mode.

As per the warning, Google Chrome is brushing aside the basic pre-requisite for various anonymous browsing services, including Tor, to route the domain-name queries via a proxy server.

Instead, the browser is reportedly routing queries from local networks, even if the browser is configured to use the third party proxy servers, thereby revealing the identity as well as the location of the users.

Anonymous browsing services, like Tor, funnel packets, including DNS queries, through a series of proxy servers in order to help the users browse the web without letting their identities out to network snoopers.

The gravity of the issue is discussed in an advisory published on the Full-Disclosure mailing list, which states: “This presents a serious risk for the users of the services such as Tor, as their DNS data and the little anonymity they have with Tor is leaked outside and in the clear”.

Responding to the warning, a Google spokesman said: “We're looking into fixing this issue, but it only potentially impacts a very small number of people who make use of anonymity services like Tor.”

Our Comments

Tor, which is developed an MIT alumnus Roger Dingledine, is a popular anonymous browsing service that can be used by configuring a web browser to employ an IP address that is a part of the Tor project. Other lesser known anonymising services might be concerned by it as well.

Related Links

Google Chrome bug outs users seeking anonymity

(Register)

Google Chrome in anonymity blunder

(Infosecurity(USA))

Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled

(Full-Disclosure)