Google's Chrome browser has a design flaw that renders privacy protection services such as Tor ineffective, according to developers.
The bug affects Chrome version 18.104.22.168, according to an advisory posted on the Full Disclosure security mailing list on Monday. The effect of the bug is that users' DNS queries remain exposed, even if they have configured their browser to use anonymising services such as Tor, according to the advisory.
To use Tor or a similar service, users configure the browser to route all DNS queries through a proxy server, which is designed to anonymise the user's web traffic.
However, the version of Chrome in question has a DNS pre-fetching feature enabled by default and, if this feature is left enabled, a user's queries will continue to be exposed whether they are using a proxy server or not, according to the advisory.
"This presents a serious risk for the users of the services such as Tor, as their DNS data and the little anonymity they have with Tor is leaked outside and in the clear," the advisory stated.
SecurityFocus, a security website operated by Symantec, confirmed the Chrome issue in an advisory published on Monday.
"Attackers can exploit this issue to obtain sensitive information that may lead to further attacks," SecurityFocus said in the advisory.
A similar bug exists in Chromium, the open source browser on which Chrome is based, according to a Google bug report published on Wednesday.
Google's bug report noted that Chromium performs DNS queries from the local network, even if a user has configured the browser to perform such queries through a SOCKS proxy.
"Wireshark [a packet sniffer application] clearly shows the DNS queries happening on the local network before the page is downloaded through the SOCKS proxy," the bug report stated.
Google said it is looking into fixing the issue, but noted that the flaw only affects a small number of users who make use of Tor and similar services.
In October Microsoft criticised Chrome as a privacy risk through the way it tracks search queries, since the browser sends packets of information to Google every time a character is typed into the search box.