Exploit vendor drops Tor Browser zero-day on Twitter | ZDNet




Not sure if this was related or not:


Assuming that javascript was continuously enabled because of the aforementioned exploit, would it have been possible to discover my real IP address by any means?

Are there any known javascript exploits that could reveal the Tor Gateway IP?


if someone gain a root access inside the your workstation, he cannot know what is ur real IP. so dont worry about ur real IP with this exploitation (although this vulnerability alone doesn’t give any permissions to attack the user unless more and more exploitation connected).

Edit by Patrick: can -> cannot


Article says not exploitation. Full javascript execution. (Attack surface incrementation.)

  1. Update apt 's list of available packages from repository. $ sudo apt update.
  2. Install Chromium’s Ubuntu package via apt . $ sudo apt install -y chromium -browser.
  3. You can now open Chromium from your application list or type the following command at the terminal; $ chromium -browser mobdro.


No do NOT use other browsers other than Tor Browser because they are not resistant to all kinds of fingerprinting. Also it’s a myth that Chromium is more secure, both browsers are big enough and have enough new coded added to be a source of bugs. Both have sandboxing and other security mitigation techniques.