New Tor Browser Update Addresses Vulnerabilities
The Tor Project released a significant Tor Browser security update in August 2025, addressing three medium-severity vulnerabilities identified through its bug bounty programme and external security research. The update also improved Tor Browser's letterboxing implementation and updated the NoScript extension to address a CSS-based side-channel information leak documented by academic researchers.
What Vulnerabilities Were Patched in the Update?
The three patched vulnerabilities each involved JavaScript execution contexts. The most significant involved a timing side-channel in the sandboxed environment potentially usable to distinguish between users accessing the same .onion service under specific conditions. The second patch addressed inconsistent sandbox isolation across cross-origin frames. The third corrected a DNS prefetch behavior that could generate a network-visible request under edge conditions, though users on Safest setting were unaffected.
How Quickly Should Darknet Users Update?
Security researchers recommend updating Tor Browser immediately upon any security release regardless of severity classification. Medium severity does not imply unimportance. Windows users update through the About Tor Browser dialog. Tails users update through the Tails update process. The OPSEC guide on the Nexus Website recommends keeping all security tools at current release version and verifying updates through the project's PGP-signed release channels.
What Does the Update Mean for Nexus Access Security?
Related: Market Overview · OPSEC Guide · Crypto Guide · News Archive · Official Access Links