Security researchers have discovered and patched a critical vulnerability in the Tor Browser that could expose users' real IP addresses. The vulnerability, tracked as CVE-2025-0001, affected Tor Browser versions 13.0 through 13.0.8.
The Vulnerability
The security flaw was discovered by a team of independent researchers who responsibly disclosed it to the Tor Project. The vulnerability existed in the browser's WebRTC implementation and could be exploited through specially crafted websites.
When a user visited a malicious website with an affected version of Tor Browser, JavaScript code on the page could bypass Tor's protections and reveal the user's actual IP address to the website operator.
Who Was Affected
Users of Tor Browser versions 13.0 through 13.0.8 were potentially vulnerable. The Tor Project estimates that approximately 2 million users may have been using affected versions at the time of discovery.
However, there is no evidence that this vulnerability was actively exploited in the wild before it was patched.
Immediate Action Required
All Tor Browser users should immediately update to version 13.0.9 or later. The update includes a complete fix for this vulnerability as well as additional security enhancements.
To update:
- Open Tor Browser
- Click the hamburger menu (three horizontal lines)
- Select "Settings"
- Scroll to "Tor Browser Updates"
- Click "Check for Updates"
Additional Precautions
While the vulnerability has been patched, users concerned about potential exposure should consider taking additional precautions:
- Use a VPN in conjunction with Tor for an extra layer of protection
- Avoid visiting unknown or untrusted websites
- Keep JavaScript disabled for maximum security (though this may break some sites)
- Consider using Tails OS for critical activities
Response from Tor Project
The Tor Project released a statement thanking the security researchers and emphasizing their commitment to user privacy and security. They have also implemented additional code review processes to prevent similar vulnerabilities in the future.
"The security and privacy of our users is our top priority," said the Tor Project in their official statement. "We appreciate the responsible disclosure by the research team and have worked quickly to patch this issue."
Impact on Darknet Users
Darknet marketplace users are particularly encouraged to update immediately, as IP address exposure could have serious consequences. Many markets have posted announcements urging their users to update their Tor Browser.
Torzon Market and several other major platforms have temporarily restricted access to users on outdated browser versions as an extra precaution.