Google Chrome users should be careful and make sure they safeguard themselves against eavesdroppers as a new report suggests VPN extensions on Chrome could be leaking all your DNS queries.
This discovery may come as a surprise to many as the purpose of using a Virtual Private Network is to get ultimate privacy and stop prying eyes from monitoring your internet activities. But the concept is losing its credibility on the Chrome browser because every time a user clicks on a link, it uses a feature named DNS prefetching to validate DNS requests.
A Loophole in the Security System
While most users, including you, might have believed that a link is activated only when you click on it, it looks like DNS queries are made as soon as you hover your mouse pointer over a link on the Google Chrome browser.
Every time you hover the mouse, a DNS request will be made for that specific domain and it will automatically populate the address bar using Chrome’s auto-fill feature.
In other words, you don’t have to click on any links at all for the queries to be leaked. They are designed in such a way that everything will be pre-loaded and will get leaked even if you skip to click on them.
A feature which was rolled out to help users save a fraction of a few seconds in loading web pages has now become a threat. The developers of the browser have activated it by default so as to help users avoid waiting times when they want to visit a website.
VPN Extensions are Leaking DNS Queries with Prefetch Activated
Chrome’s DNS prefetching feature has created such an insecure environment for people browsing the web using a VPN extension installed. By default, any solid VPN client will make use of customized DNS settings that are not related to the settings used in the browser.
In order to keep things simple, as many as 10 out of 15 extensions use the browser’s settings which make them vulnerable to the DNS prefetching feature used by Chrome. Some of the configurations led to these leaks because the extensions use Chrome before transferring the request to VPN, thus creating a gap in the loop.
John Mason, a security expert from thebestvpn.com, was the first to identify the flaw and report it publicly. He described the entire issue in a more technical aspect which may sound like jargon for average users, but it is useful for techies who want to protect their privacy against such threats.
The DNS prefetching is supposed to be deactivated while the pac_script mode is used, but it doesn’t. A DNS request proxy is not usually supported by the HTTPS proxy while Chrome doesn’t allow the protocol named DNS over SOCKS, which forces the requests to be done through the browser settings. The process leads to a DNS leak, confirmed Mason in his blog post.
Confirmed VPN Extensions that Cause DNS Leaks
In his detailed experiment, Mason went through all the most popular DNS services used by Google Chrome users based on their rating and ranking. Almost every other extension that you might have used has come under the radar and is confirmed to have been causing continuous leaks, which is threatening especially if you have been using it for a long time.
Below is the current list of confirmed extensions that leak:
- HOLA VPN
- ZenMate VPN
- Opera VPN
- VPN Unlimited
- Betternet
- DotVPN
- Ivacy VPN
These are some of the most popular VPN extensions used on Chrome and surprisingly, some of the lesser known names were found to be safer.
NordVPN is a popular choice which also proved to be safe without leaks while other services like CyberGhost, Avira Phantom VPN, WindScribe and Private Internet Access were not using the prefetching feature, making them reliable tools to use as well.
So far, the VPN services that have patched their extensions are HotSpot Shield, TunnelBear and PureVPN.
How to Find if Your DNS Queries are Leaking
- Choose a VPN of your choice and install it on your Google Chrome browser
- If you installed it already, just activate it
- Visit chrome://net-internals/#dns
- Find and click on the option “Clear host cache”
- Hover over any link or initiate a search in the address bar of the Chrome browser
- Check if the new domain is listed in host table
Protect Yourself Against a DNS Leak: Step-by-Step Guide
- Visit chrome://settings/ by typing it in the address bar
- Type predict and you should be able to find it in “Search Settings”
- Click on the option that requests permission for using prediction service to complete URLs and searches
- The function will be disabled
- Do the same on the option that requests permission for using prediction services to show pages quickly, to disable it as well
By default, there are websites meant to help you identify leaks and fix them immediately. Due to the nature of the VPN extensions making use of default configuration found in the Chrome browser, websites like dnsleaktest.com were unable to find the queries leaking over a secure, encrypted connection. As such, the only way to identify the issue and fix it is by manually following the security measures mentioned above.
Apart from finding the list of DNS extensions which continued to leak the queries made by a user, John Mason ensured that he released a list of supported VPNs that did their job properly. The list should make it easier for you to download the right VPN that provides the security and privacy you would expect from using a Virtual Private Network setup.
Google is yet to comment on this topic, and considering the fact that such a huge leak happened with so many popular services, they may choose to disable the prefetching feature in a future update. If they choose to deactivate it at least for users who are connected using a VPN extension, it could be a move that provides the privacy you need.
Besides, internet speeds have drastically improved over time, and caching pages before clicking them may not be completely necessary at this point.
