- cross-posted to:
- cybersecurity@infosec.pub
- cross-posted to:
- cybersecurity@infosec.pub
Bug:
Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.
Impact:
Exposed visited domains to user’s ISP, potentially leaking browsing history.
Affected users:
Windows users with active split tunneling (about 1%).
Fix:
Upgrade to version 12.73.0 (removes split tunneling temporarily).
Alternatives:
Disable split tunneling or use ExpressVPN version 10.
Note:
All other traffic and content remain encrypted.
Mullvad: “Pathetic.”
ProtonVPN: “This guy, right?”