Kkarfalcon

**Name of the Vulnerable Software and Affected Versions** Brave versions prior to 1.34 **Description** The issue occurs when a Private Window with Tor Connectivity is used, causing .onion URLs to leak in Referer and Origin headers. Although this was fixed by Brave, the Brave documentation notes that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy and do not implement most of the privacy protections from Tor Browser. **Recommendations** For versions prior to 1.34, update to version 1.34 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Private Windows with Tor Connectivity until the update is applied.