Brave browser helper pinging thousands of IPs in the world

Ugle · August 24, 2025, 3:21am

Im on Brave 1.80.125 (Official Build) on Mac 15.16.1

So my mac has been compromised and one of the clear signs was that Brave displayed results in the language that I know my hackers are from. Then I did a forensics of my Mac which is indeed unfortunately compromised and started looking at all potentials sources.

Then while Brave does NOTHING to help you figure out where the requests or pings come from, why it thinks you’re in another specific country or which one besides the language, or even which extension it might be coming from as it hides it instead of having an easy task manager style way of seeing it.

But thanks to Little Snitch I realized that Brave browser helper was connecting to thousands of IP addresses in the world

more than 2000 addresses are accessing my Brave browser or being pinged making impossible to troubleshoot extraneous connections. There’s no way to troubleshoot extension since (like Chrome) it won’t show you the actual informations circulating or operated through those extension besides roughly how much ram they use…

So Im about to nuke everything but probably wont ever use or let anyone in my circle make the mistake of using this browser if I can’t figure out why and how to secure it.

289wk · August 24, 2025, 5:41am

@Ugle

Please edit your Original Post (“OP”) above, in order to include:

Brave Browser version numbers
Operating System version numbers

In the MacOS Settings > Network > among the network location settings, you can frustrate IPv6 usage, by selecting Link-Local Only:

2a03:2880:f356:c0:face:b00c:0:43fe is Facebook, Ireland
2607:f8b0:4009:81b::200a is a Google server in the U.S.
2a03:2880:f356:8d:face:b00c:0:2 is another Facebook address

Online info from Facebook: " a growing percentage of Facebook internet traffic that is being handled through the new IPv6 protocol"

You might use both the Brave Browser Task Manager and the MacOS Activity Monitor - and match the Process ID (“PID”) numbers.

You might learn how to block domains and hostnames - via Little Snitch and also by editing your Mac’s hosts file.

You can select connections in the Little Snitch Network Monitor window’s left-hand pane and delete them - all of them, if you wish . . . and then monitor from scratch (see how many IPv6 connections develop in 1 day, for example); the Little Snitch Network Monitor window (image copied from Little Snitch website):

You might monitor / study the Brave Browser Developer Tools > Network window.

How to Use Developer Tools

Opening the Developer Tools window

MacOS users, key combination: Option + Command + "i" ("eye", no quotes)

Windows OS / Linux OS users, key combination:

Control + Shift + "i" ("eye", no quotes) gets the Developer Tools > Network tab window

Control + Shift + "j" ("jay", no quotes) gets the Developer Tools > Console tab window

Or, use the F12 key ← also works for MacOS users.

On the first occasion of using Developer Tools, the Developer Tools “window” is usually a part of (contained within) its associated Brave Browser window . . . but you can make the Developer Tools window, a standalone window (though keeping its association with the Brave Browser window). I recommend that you do so:

In the upper right-hand corner of the Developer Tools window, there is an “Organizer” 3-vertical-dots button - click on that. The result should be a pop-up:

Screen Shot 2024-11-02 at 3.03.02 PM

Notice the tiny blue icon that is first (left to right) among 4 that are to the right of “Dock side”. Click on that icon. The Developer Tools window will become a standalone window.

How to use Developer Tools:

Developer Tools > Network:

Ugle · August 26, 2025, 9:37pm

Hi, I activated the link-local only but it doesn’t change that Brave is acting a completely unsecure relay for 2500 IP address? And now I notice that the Video Capture process is active.

Is Brave completely bogus in terms of security? How can I CLEARLY and straight-up prevent any IP that is not used by a tab at the exception of hidden tracker and service it’s supposed to block?

Ugle · September 3, 2025, 8:17am

So still no solution? Why the heck is brave leaking to TWO thousands of IPs around the world?

system · October 3, 2025, 8:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Little Snitch Is Always Alerting me that Brave is going to a lot of oddball sites Desktop Support macos	7	1090	April 16, 2022
Why is Brave constantly connecting to local network (10.0.x.x) Desktop Support macos	8	2303	June 26, 2020
Brave connects to "suspicious" IP address Desktop Support browser , macos	9	336	May 25, 2025
SECURITY: Hidden Brave extension snoops on all users privacy	1	489	July 3, 2021
"Your browser is managed" Desktop Support macos	6	3695	November 28, 2021
Unknown UDP connection via Brave Helper Desktop Support macos	9	910	November 20, 2020
Cannot open local ip addresses Desktop Support browser , macos	7	5893	November 5, 2024
Man-in-the-middle used on Brave on MacOS	2	384	August 29, 2023

Brave browser helper pinging thousands of IPs in the world

Related topics