[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Google's Chrome Web Browser and Tor

Hi all,

I've been playing around with Google's new web browser and Tor.  I thought it might be good to share my findings with everyone.
After reading Google's privacy policy[1], I for one would not want to use this on a regular basis, if at all.

The first bug I tried was an old one I found with Firefox; the NEWS:// URI type.
Any link that has a NEWS:// URI will launch Outlook Express and attempt to contact the server in the URL...without using Tor.

The second bug I found resulted in local file/folder disclosure.
This is very similar to the one I found in Internet Explorer.

The third bug I found was with MIME-TYPEs, specifically Windows Media Player supported formats.
The BANNER tag can also leak your IP address when the playlist is loaded *IF* WMP is not set to use a proxy.
Also, a playlist in WMP can specify protocols that use UDP, hence, no proxy support...no Tor.

On the flip-side, it is very cool how each browser tab is it's own process, making several types of attacks much more difficult.
However, with an invasive privacy policy, local proxy bypassing, and local files/folders able to be read from your hard drive, I've decided not to use this browser.

It just doesn't feel privacy/anonymity friendly to me.
Anyone else want to chime in on this?

- Kyle

[1] http://www.google.com/chrome/intl/en/privacy.html
(Basically states you have no privacy when using Chrome)