Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Audio farbling bypass #42356

Closed
3 of 6 tasks
arthuredelstein opened this issue Nov 18, 2024 · 3 comments · Fixed by brave/brave-core#26651
Closed
3 of 6 tasks

[Security] Audio farbling bypass #42356

arthuredelstein opened this issue Nov 18, 2024 · 3 comments · Fixed by brave/brave-core#26651
Assignees
@arthuredelstein
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA/Yes release-notes/include security
Milestone
1.75.x - Beta

Comments

@arthuredelstein
Copy link

arthuredelstein commented Nov 18, 2024
edited
Loading

Description

Fix a code path in our audio farbling where audio is not being farbled. See https://hackerone.com/reports/2846851

Summary:

A bug introduced in July 2024 allows websites to bypass Brave's audio fingerprinting protection when using Web Audio AnalyserNode methods. The BraveAudioFarblingHelper is only initialized when AudioBuffer methods (getChannelData or copyFromChannel) are called, but AnalyserNode methods require this helper for farbling. As a result, AnalyserNode data accessed before any AudioBuffer calls remains unfarbled and fingerprintable across sessions and domains, reducing user privacy.

Reproduces how often

Easily reproduced

Desktop Brave version (brave://version info)

Desktop Linux: Brave 1.73.89 Chromium 131.0.6778.69 (Ubuntu 22.04.5 LTS)
Android: Brave 1.73.89 Chromium 131.0.6778.69 (Android 14)

Android device

  • Brand/model:
  • Android version:

Channel information

  • release (stable)
  • beta
  • nightly

Reproducibility

  • with Brave Shields disabled
  • with Brave Rewards disabled
  • in the latest version of Chrome
@arthuredelstein arthuredelstein added OS/Android Fixes related to Android browser functionality OS/Desktop labels Nov 18, 2024
@arthuredelstein arthuredelstein self-assigned this Nov 18, 2024
@arthuredelstein arthuredelstein mentioned this issue Nov 19, 2024
Merged
24 tasks
@LaurenWags LaurenWags added this to the 1.75.x - Nightly milestone Dec 17, 2024
@LaurenWags
Copy link
Member

@arthuredelstein please add the following required labels as appropriate:

  • QA/Yes or QA/No
    • If QA/Yes please include a test plan
  • release-notes/exclude or release-notes/include

cc @kjozwiak

@kjozwiak
Copy link
Member

@arthuredelstein @diracdeltas should we use release-notes/include as it's a Hackerone issue? We usually add anything related to Hackerone into the notes and give the reporter the credit. Unless this isn't severe enough to ass into the release notes.

@diracdeltas
Copy link
Member

yes let's include it in the release notes, credit goes to https://hackerone.com/cesium_fusilli

@LaurenWags LaurenWags changed the title Audio farbling bypass [Security] Audio farbling bypass Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthuredelstein arthuredelstein

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA/Yes release-notes/include security
Projects
None yet
Milestone
1.75.x - Beta
Development

Successfully merging a pull request may close this issue.

make sure audio farbling helper is always initialized before use brave/brave-core
4 participants
@arthuredelstein @diracdeltas @kjozwiak @LaurenWags