lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <a39da3560912141245s76bb049x950f8bbffeb9b3e6@mail.gmail.com> Date: Mon, 14 Dec 2009 20:45:12 +0000 From: nixlists <nixmlists@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Google Chrome 3.0.195.33 leaks DNS data queries outsitde of proxy if dns pre-fetching is enabled Google Chrome 3.0.195.33 has DNS pre-fetching feature enabled by default. If a user is using Chrome with a proxy, the DNS queries must go through the proxy by design, but with the DNS pre-fetching enabled they are still sent to the system's configured DNS cache. This seems also true for the SOCKS proxy in Chromium regardless of whether DNS pre-fetching is enabled or not as shown here: http://code.google.com/p/chromium/issues/detail?id=29914 I have not verified the SOCKS proxy issue. This presents a serious risk for the users of the services such as Tor, as their DNS data and the little anonymity they have with tor is leaked outside and in the clear. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists