Popular Chrome VPN extensions are leaking your DNS data

Last month, HackRead reported how tons of popular VPN (Virtual Private Network) software were leaking real IP addresses of users through WebRTC leak along with a list of VPN vendors saving users’ Internet logs despite claiming otherwise.

Now, a new study has been conducted according to which some popular Chrome VPN extensions are leaking DNS related data of their users – Here, it must be noted that the DNS leak is not related to the WebRTC issue but DNS prefetching in Chrome browser activated by default.

The study was conducted by John Mason of TheBestVPN alongside with an ethical hacker from Cure53 who goes by the Twitter handle of File Descriptor. It may shock many that 6 out of 17 VPN extensions on Chrome are leaking DNS data.

Chrome VPN Extensions that are leaking DNS

1: Hola VPN
2: Touch VPN
3: Betternet
4: HoxxVPN
5: Ivacy VPN
6: Opera VPN

The aforementioned VPN extensions are used by millions of users around the world, for instance, Hola VPN has over 8.7 million users, Touch VPN has 2 million users, Betternet is used by 1.4 million users while DotVPN has 900,000 users. This means DNS related data of millions of users is currently at risk.

Initially, ZenMate’s name was also on the list but after a conversation with the company’s CTO Jörn Stampehl, I was told that ZenMate has fixed the issue. Moreover, the company has addressed the issue in their blog post.

Chrome VPN Extensions that are NOT leaking DNS

1: NordVPN
2: PureVPN
3: WindScribe
4: CyberGhost
5: TunnelBear
6: ZenmateVPN
7: HotSpot Shield
8: VPN Unlimited
9: Avira Phantom VPN
10: Private Internet Access

What is DNS Prefetching?

According to Google, “DNS Prefetching is an attempt to resolve domain names before a user tries to follow a link. This is done using the computer’s normal DNS resolution mechanism; no connection to Google is used.”

“Once a domain name has been resolved, if the user does navigate to that domain, there will be no effective delay due to DNS resolution time. The most obvious example where DNS prefetching can help is when a user is looking at a page with many links to various domains, such as a search results page.”

So what is the problem?

According to Mason, VPN extensions on Chrome utilize two methods of configuring their proxy connections, 1: fixed_servers and 2: pac_script. The fixed_servers method allows extensions to specify the host of an HTTPS/SOCKS proxy server and later all connections go through the proxy server.

In pac_script however, a PAC script is provided by the extension which changes the host of HTTPS/SOCKS proxy server dynamically.

“For example, a VPN extension can use a PAC script that determines if a user is visiting Netflix by having a rule that compares the URL and assigns a proxy server that is optimized for streaming. The highly dynamic nature of PAC scripts means the majority of VPN extensions use the mode pac_script over fixed_servers,” Mason explained.

“Now, the issue is that DNS Prefetching continues to function when the pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.”

How to test if your Chrome VPN extension is leaking DNS?

The TheBestVPN researchers have figured out a simple way to check whether your Chrome VPN extension is leaking your DNS data. Here are four simple steps proposed by researchers:

1: Open Chrome browser and turn on your VPN extension
2: Head to chrome://net-internals/#dns
3: Click “clear host cache”
4: Visit any website and check if your DNS is being leaked

You can also follow this video and see how you can perform the test:

How to stop Chrome VPN extension from leaking DNS?

Those looking to solve the issue can follow the below mention steps:

1: Open chrome://settings/ in your address bar
2: In the search settings type “Predict”
3: Now Disable “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly” options.

If you are using a VPN extension on Chrome browser it is advised to follow the aforementioned steps. Also, don’t forget to visit TheBestVPN’s website for upcoming exclusive reviews.

Note for Chrome users

A few days ago HackRead reported on how over 20 million Google Chrome users were using fake malicious Adblocker extensions. Therefore, avoid installing unnecessary extensions and always keep an eye on the permission an extension asks for. Stay safe online.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.