VPN Extensions for Google Chrome Leak Users’ DNS Addresses
Recent reports from several cybersecurity companies indicate that many VPN extensions for browsers are leaking users’ DNS addresses. Chrome extensions allow this leak through the DNS prefetching feature, where Chrome makes requests before you even click a link.
Research Findings
“White hat” hacker and file descriptor John Mason conducted a study in which he tested 15 VPN extensions. The results were disappointing: 10 out of 15 extensions were found to leak DNS addresses. The core of this vulnerability is that Chrome does not hide its requests, which go through its own DNS prefetching system.
How Does This Happen?
In his blog, John Mason explained how Chrome leaks users’ DNS addresses to third parties. Chrome reduces website traffic using the DNS prefetching tool, which predicts the site a user is likely to visit next.
Chrome has two proxy connection settings after installing a VPN extension: fixed servers and “PAC script” modes.
Note (Pavluu): PAC stands for Proxy Auto-Configuration. You can read more about it here.
The most widely used VPN extensions use PAC scripts, which allow the proxy server host to be changed, while DNS prefetching continues to function in this mode.
Chrome does not support the DNS over SOCKS protocol, and DNS proxy requests are not supported by HTTPS proxy servers. This means that all prefetched DNS requests automatically go through the system DNS instead of the proxy.
Which VPN Extensions Leak DNS Addresses?
- Extensions that leak DNS addresses:
  - DotVPN
  - Hola VPN
  - Betternet
  - Ivacy VPN
  - OperaVPN
  - ZenMate VPN
  - VPN Unlimited
- Extensions that used to leak but have fixed the vulnerability:
  - PureVPN
  - TunnelBear
  - HotSpot Shield
- Extensions that do not leak DNS addresses:
  - Avira Phantom VPN
  - WindScribe
  - NordVPN
  - Private Internet Access
  - CyberGhost
How to Clear DNS Cache in Chrome
- Type chrome://net-internals/#dns in the browser’s address bar and click the “Clear host cache” button.
- Then, in the address bar, enter chrome://net-internals/#sockets and click the “Flush socket pools” button.
- Also, clear the DNS cache in Windows itself (open the command prompt with Win + R, type cmd): ipconfig /flushdns
- Alternatively, you can install the Google Chrome extension DNS Flusher for Chrome. For it to work correctly, you need to launch the browser with the --enable-benchmarking flag.
How to Test Your VPN Extension
- Enable your VPN extension.
- Clear the cache using the instructions above.
- Visit any website.
- Check if this site appears in the cache.
- Done!
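A complementary check that goes beyond the host-cache test above, added here as an example and not taken from the original article or from John Mason's study: decode plaintext DNS queries captured on the physical network interface while the extension is enabled, and report which of the sites you visited were resolved outside the proxy. It assumes you already have the raw UDP port 53 payloads from a packet capture; the sample payloads and hostnames below are constructed.

```python
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query; used only to construct the sample capture."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_query_name(payload):
    """Return the lower-cased QNAME of a DNS query, or None if malformed or a response."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:        # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:                      # root label terminates the name
            return ".".join(labels)
        if length & 0xC0 or pos + length > len(payload):
            return None                      # pointer/reserved label or truncated packet
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return None                              # ran off the end without a terminator

def leaked_hosts(payloads, visited):
    """Visited hostnames (or their subdomains) that show up in plaintext DNS queries."""
    names = {parse_query_name(p) for p in payloads} - {None}
    return sorted(h for h in visited
                  if any(n == h.lower() or n.endswith("." + h.lower()) for n in names))

# Constructed sample: UDP/53 payloads as seen on the physical interface while the
# extension was enabled. Hostnames are placeholders, not data from the article.
_response = bytearray(build_query("example.com"))
_response[2] |= 0x80                         # turn it into a response; must be ignored
SAMPLE_CAPTURE = [
    build_query("example.org"),
    build_query("cdn.example.net"),
    bytes(_response),
    build_query("example.com")[:15],         # truncated packet; must be ignored
]
VISITED = ["example.org", "example.net", "example.com"]

if __name__ == "__main__":
    for host in leaked_hosts(SAMPLE_CAPTURE, VISITED):
        print("resolved outside the proxy:", host)
```

Any hostname this reports was looked up through the system DNS rather than the extension's proxy. An empty result covers only plaintext port 53 traffic, so it does not rule out lookups sent over an encrypted resolver.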