A vulnerability in the Brave Browser allows an attacker to view the last time a Tor session was used in incognito mode. A local, on-disk attacker could read the Brave Browser’s “Local State” JSON file and identify the last time a Tor session was used, affecting the confidentiality of a user’s Tor session.
For example, the “Local State” file of a user who has recently used a Tor session would list a key-value pair with a timestamp as precise as “13248493693576042”. This allows an attacker to fingerprint, or prove beyond reasonable doubt, that a user was using Tor at that very specific moment in time.
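To audit a profile for this kind of residue, the following added example (not code from the report or from Brave) walks a "Local State"-style JSON document and decodes every value that looks like a Chromium timestamp, which is a count of microseconds since 1601-01-01 UTC. The key names in the sample are placeholders, since the report does not name the real key; only the timestamp value comes from the report.

```python
import json
from datetime import datetime, timedelta, timezone

# Chromium serializes times as microseconds since 1601-01-01 00:00:00 UTC.
CHROMIUM_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Plausibility window (an assumption) so small counters are not misread as times.
EARLIEST = datetime(2010, 1, 1, tzinfo=timezone.utc)
LATEST = datetime(2040, 1, 1, tzinfo=timezone.utc)

def chromium_time(value):
    """Return a UTC datetime if value looks like a Chromium timestamp, else None."""
    if (isinstance(value, str) and value.isascii() and value.isdigit()
            and len(value) <= 20):
        value = int(value)  # prefs files often store 64-bit values as strings
    if isinstance(value, bool) or not isinstance(value, int):
        return None
    try:
        when = CHROMIUM_EPOCH + timedelta(microseconds=value)
    except OverflowError:
        return None
    return when if EARLIEST <= when < LATEST else None

def find_timestamps(node, path=""):
    """Walk parsed JSON, yielding (path, datetime) for each timestamp-like leaf."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_timestamps(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_timestamps(child, f"{path}[{i}]")
    else:
        when = chromium_time(node)
        if when is not None:
            yield path, when

def scan(text):
    """Parse JSON text and return a list of (path, ISO-8601 UTC time) findings."""
    return [(p, w.isoformat()) for p, w in find_timestamps(json.loads(text))]

# Constructed sample: key names are placeholders, not Brave's real ones;
# only the timestamp value is taken from the report.
SAMPLE = """{"placeholder_section": {
  "placeholder_tor_key": "13248493693576042",
  "unrelated_counter": 42, "enabled": true, "list": [1, "abc"]}}"""

if __name__ == "__main__":
    for path, when in scan(SAMPLE):
        print(f"{path}: {when}")
```

On a patched build, a scan of the real file after closing a Tor window should no longer report a value that tracks the time of that session.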
Brave 1.18.27 and below
Start a Tor session in Brave Browser
As discussed with the security@ team in the email chain titled:
Re: [Security] CVE Request 981386 - Brave Browser (All) - Exposure of Sensitive Information to an Unauthorized Actor While Using Tor Feature
And fixed in PR 7010:
https://github.com/brave/brave-core/pull/7010
Violate the confidentiality of a user’s Tor session.