Security News > 2021 > June > Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer.

In addition to updating Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several security vulnerabilities addressed in Firefox 89.

The issue has serious implications for privacy as it could be exploited by adversaries to unmask Tor users by correlating their browsing activities as they switch to a non-anonymizing browser, such as Google Chrome.

To counter the attack, Tor now sets "Network.protocol-handler.external" to false so as to block the browser from probing installed apps.

Of the other three browsers, while Google Chrome features built-in safeguards against scheme flooding - it prevents launching any application unless it's triggered by a user gesture, like a mouse click - the browser's PDF Viewer was found to bypass this mitigation.

Tor browser users are recommended to move quickly to apply the update to ensure they are protected.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/XKKC6PkSyXg/patch-tor-browser-bug-to-prevent.html