Leaking IPs in Brave Tor Window & Chrome VPNs + Popunders + CSP Bypass

This writeup details multiple IP leak vulnerabilities I discovered affecting Brave's Tor window and Chrome VPN extensions that allowed a malicious actor to leak the real IP address of any visitor to a remote host. Also covers a connect-src CSP bypass for DNS-based data exfiltration and two new Popunder techniques that work on Chrome, Firefox & Safari.