Recent cybersecurity reports have confirmed that VPN tools are leaking DNS requests to other entities.
Chrome extensions were found to leak the requests through the DNS prefetching feature, in which Chrome makes requests before you click a link.
An ethical hacker and file descriptor, John Mason, conducted research that tested 15 Virtual Private Network extensions.
The results were astonishing: 10 out of 15 services leaked their users' DNS requests via the web extensions.
The leakage results from some Chrome extensions failing to hide the DNS queries made for prefetching.
This has left users at the mercy of hackers and cryptojackers. Users’ computer resources could be utilized without their permission or knowledge.
How Chrome Extensions are Leaking DNS Requests
In a blog post, John Mason explained how Chrome has been leaking its users' DNS requests to third-party entities.
Chrome reduces website traffic by using a DNS prefetching tool that predicts the site that the user is going to visit.
Chrome has two provisions for setting up proxy connections after a VPN extension has been installed: the fixed servers mode and the PAC script mode.
Most VPN extensions use the PAC script mode, which allows the proxy server host to be changed, and DNS prefetching continues to function in this mode.
Chrome does not support the DNS over SOCKS protocol, and HTTPS proxies do not support proxying DNS requests. This means that all prefetched DNS requests automatically go through the system DNS.
This mode in itself has various pros and cons. On the good side, this mode enhances the VPN connection depending on the user’s website of preference.
If the user is involved with online shopping, then the script will select a server that has been optimized for online shopping.
This mode, however, exposes the user to DNS leaks through the prefetched DNS requests. The information about the user and the web pages that they visit would be vulnerable.
Tested VPN Extensions Affected by DNS Leaks
According to Mason’s report, the following VPN extensions are affected.
- Hola VPN
- Ivacy VPN
- ZenMate VPN
- VPN Unlimited
The VPN extensions that have since been patched include PureVPN, TunnelBear and HotSpot Shield.
Tested VPN Extensions That Do Not Leak DNS
- Avira Phantom VPN
- Private Internet Access
Testing for Leaks in Other Chrome VPN Extensions
Users can try the following procedure to test for VPN leaks.
- Activate the VPN Chrome plugin.
- Open chrome://net-internals/#dns in Chrome.
- Click “Clear host cache”.
- Go to Chrome and use the address bar to search for a link.
- Check whether the DNS host table shows new domains.
How to Prevent DNS Leaks
In this case, protection against DNS leakages is no option. The origin of DNS leaks appears to be coming from the web extensions, according to John Mason.
Encrypted web traffic, including DNS traffic, is supposed to be routed through the network, but this is not the case for most web providers.
Instead of relying on the Chrome extensions, one could turn on the client app or VPN, thus mitigating the DNS leaks due to prefetching. In addition, Mason advised that one could also turn off the DNS prefetching feature on Chrome.
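For extension developers, the PAC script mode described earlier and the advice to turn off DNS prefetching can be combined so that the proxy is only enabled once prefetching is confirmed off. The sketch below is an added example, not code from Mason's report or from any of the listed extensions; it assumes the extension holds the "proxy" and "privacy" permissions, and the proxy host `proxy.example.test` is a placeholder.

```javascript
// Added example for a proxy extension's background script (callback-style APIs).
// Assumed: manifest grants "proxy" and "privacy"; proxy.example.test is a placeholder.

// PAC script for pac_script mode. It only picks a proxy per request; prefetch
// lookups never pass through it and are resolved by the system DNS.
const PAC_DATA = `function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "HTTPS proxy.example.test:443";
}`;

function buildProxyConfig(pacData) {
  // mandatory: true stops Chrome falling back to DIRECT if the script is invalid.
  return { mode: "pac_script", pacScript: { data: pacData, mandatory: true } };
}

// Switch off network prediction (DNS pre-resolution), then read the setting
// back to confirm this extension is the one controlling it.
function disablePrefetch(api, done) {
  const setting = api.privacy.network.networkPredictionEnabled;
  setting.set({ value: false }, () => {
    if (api.runtime.lastError) return done({ prefetchOff: false, controlled: false });
    setting.get({}, (d) => done({
      prefetchOff: d.value === false,
      controlled: d.levelOfControl === "controlled_by_this_extension",
    }));
  });
}

// Fail closed: the proxy is enabled only once prefetching is verifiably off.
function connect(api, done) {
  disablePrefetch(api, (state) => {
    if (!state.prefetchOff || !state.controlled) {
      return done({ proxied: false, ...state });
    }
    api.proxy.settings.set(
      { value: buildProxyConfig(PAC_DATA), scope: "regular" },
      () => done({ proxied: !api.runtime.lastError, ...state })
    );
  });
}

// Runs only inside an extension; elsewhere the functions are merely defined.
if (typeof chrome !== "undefined" && chrome.proxy && chrome.privacy) {
  connect(chrome, (state) => console.log("proxy state:", state));
}
```

If another extension or an enterprise policy controls the prediction setting, `connect` reports `proxied: false` instead of starting a session that could still leak prefetched lookups.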
Chrome Extensions Injecting Crypto Miners into Browsers
Chrome has the reputation of being among the fastest web browsers. However, these enhanced speeds have proven to come at a price.
Previously, Google had permitted extensions to conduct operations of mining cryptocurrencies. But, following user concerns, Google had to swoop in to defend the reputation of Chrome.
The terms of this agreement were that cryptocurrency mining was the only activity to be conducted. Also, the users of the computers would be informed that their resources would be used for a task that was hardware-intensive for their computers.
However, the extensions that have mining scripts have violated the terms of the agreement. Approximately 90 percent of the Chrome extensions were hiding mining scripts and using the user’s computer resources without their knowledge and consent.
This emerging malicious trend, called cryptojacking, does not seem to be going away anytime soon. Cryptojacking makes one’s computer unresponsive, and upon investigation, it would be found that Chrome is hogging the resources of the CPU. Nevertheless, it is quite difficult for one to precisely determine that these are caused by malicious web extensions.
Google recently made a statement banning all Chrome extensions from being involved with mining cryptocurrency.
The Chrome review staff would no longer accept extensions that conducted cryptocurrency mining on the Chrome Web Store. Those extensions that were already performing crypto mining operations will be terminated sometime in June.