An anonymous security researcher claimed they found that Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes. Brave was leaking DNS requests for onion sites and he was able to confirm it at the time.
Brave team announced a formal fix on Twitter. The patch was actually already live in The Brave Nightly version following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version for the next Brave browser update.
Version 1.20.108 is now available (via "About Brave" within the ☰ menu). This update fixes the DNS leak regression in Tor windows, addresses a couple crashing scenarios on macOS, and more.
— Brave Software (@brave) February 20, 2021