#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Brave Browser | Breaking Cybersecurity News | The Hacker News

FrodoPIR: New Privacy-Focused Database Querying System

FrodoPIR: New Privacy-Focused Database Querying System

Dec 23, 2022 Encryption / Privacy / Browser
The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called  FrodoPIR . The idea, the company  said , is to use the technology to build out a wide range of use cases such as safe browsing, scanning passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called  FrodoPIR  because "the client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from J. R. R. Tolkien's  The Lord of the Rings . PIR, short for  private information retrieval , is a cryptographic protocol that enables users (aka clients) to retrieve a piece of information from a database server without revealing to its owner which element was selected. In other words, the goal is to be able to query a platform for information (say, cooking videos) without letting the service provider infer from a user's search
RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

Apr 13, 2021
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working  exploit  concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed to be the same flaw demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at  Pwn2Own 2021 hacking contest  last week. Keith and Baumstark were awarded $100,000 for leveraging the vulnerability to run malicious code inside Chrome and Edge. According to the screenshot shared by Agarwal, the PoC HTML file, and its associated JavaScript file, can be loaded in a Chromium-based browser to exploit the security flaw and launch the Windows calculator (calc.exe) app. But it's worth noting that the exploit needs to be chained with another flaw that can allow it to escape Chro
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Feb 20, 2021
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix  release  (V1.20.108) made available yesterday. Brave ships with a built-in feature called " Private Window with Tor " that integrates the  Tor  anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in  June 2018 . This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report first
More Resources