This "Secure Browser" Has Holes in MDNS

Hi. I need a fix for Brave listening on MDNS. It’s probably some Google-Chromium horseshit they f*cked you with and you (reasonably) forgot to check for, but if you look at netstat or ss or anything you’ll see the browser is opening ports. Stop it.

Also, how can I disable this shitfuckery in the meantime?

Thanks and happy holidays.

PS: And for Pete’s sake, add a “security” option in the tags.

Have you tried turning off the Chromecast setting?

Yep. It’s off.

Did you try running netstat on your own system?

EDIT: Make sure to give it the “-l” (that’s an L lowercase) to run the test, or it won’t show. Probably your coders / testers forgot to check for the “listen” state when you pushed one of the more recent versions and it snuck in. Again, no hate, but fix it. This is disgusting.

EDIT x2: You can also chain on there “-p” to show that Brave is the source of the listening sockets.

Thoughts on this, Official Dudes?

Brave 1.18.75 on Windows 10: I ran netstat -a as an administrator and Brave wasn’t listening on any ports.

That’s nice but on Linux it still is a problem.

Also, can you enlighten me how you divined process bindings to ports in order to make your argument, without specifying -p?

Maybe Windows does it auto now.

@UsernameHere1 -p has a completely different meaning on Windows.

I confirm no port is on LISTENING status.

So… Why are they open at all, on Linux then?

So if I run sudo netstat -l -p | grep -i brave on my Ubuntu 20.04 machine, I get the following if using Brave Beta or Brave Nightly:

unix  2      [ ACC ]     STREAM     LISTENING     15848434 3871134/brave --dis  /tmp/user/1000/.org.chromium.Chromium.8T8VJa/SingletonSocket

It’s only with the version that’s currently in the release channel (Brave 1.20.110) that I can see the browser listening for local mDNS traffic:

udp        0      0 224.0.0.251:mdns        0.0.0.0:*                           3883416/brave
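
The netstat check used in this thread can also be scripted. The following is an added example, not part of the thread or of Brave's code: it parses the kernel's IPv4 UDP table (`/proc/net/udp`, the same data `netstat -l -p` reads on Linux) for sockets bound to the mDNS port and looks up the owning process. The sample table and its inode, uid and slot values are constructed, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct

MDNS_PORT = 5353  # netstat prints this port as "mdns"

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: FB0000E0:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 424242 2 0000000000000000 0
  102: 3500007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 20111 2 0000000000000000 0
  103: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   115        0 20555 2 0000000000000000 0
"""

def parse_udp_table(text):
    """Return (ip, port, uid, inode) for every IPv4 UDP socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        hex_ip, hex_port = f[1].split(":")
        # Address is printed as a host-order word; "<I" assumes little-endian.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        rows.append((ip, int(hex_port, 16), int(f[7]), int(f[9])))
    return rows

def mdns_sockets(rows):
    """Keep only sockets bound to the mDNS port."""
    return [r for r in rows if r[1] == MDNS_PORT]

def socket_owners(inode, proc="/proc"):
    """Find (pid, name) of processes holding a socket inode, as netstat -p does."""
    target = f"socket:[{inode}]"
    owners = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                if os.readlink(f"{proc}/{pid}/fd/{fd}") == target:
                    with open(f"{proc}/{pid}/comm") as fh:
                        owners.append((int(pid), fh.read().strip()))
                    break
        except OSError:
            continue  # process exited, or its fd table needs root to read
    return owners

if __name__ == "__main__":
    text = open("/proc/net/udp").read() if os.path.exists("/proc/net/udp") else SAMPLE
    for ip, port, uid, inode in mdns_sockets(parse_udp_table(text)):
        print(ip, port, "uid", uid, socket_owners(inode) or "owner not visible")
```

Run it with root privileges to resolve sockets owned by other users, for the same reason the netstat command above is run with sudo.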