Update Tor Browser as soon as possible, developers warn after critical security release

If you use Tor Browser, don’t put off installing the latest update. The Tor Project has released Tor Browser 15.0.17, and while the browser update itself looks fairly small on paper, it includes a newer version of Tor with a collection of security fixes that developers want users to install right away.

The browser update bumps Tor to version 0.4.9.11 and also updates NoScript to version 13.6.25.1984. There are also a couple of build system changes behind the scenes, but they’re mostly relevant to developers.

The urgency comes from the Tor component itself.

Just two days before the browser update arrived, Tor developers announced Tor 0.4.9.11, describing it as a security release that fixes a series of recently reported vulnerabilities. They also revealed that the project has been dealing with an unusually high number of security reports, which led to releases arriving in quick succession.

In fact, version 0.4.9.10 was released on June 23 but never even received a proper announcement. Developers said they had to move almost immediately to 0.4.9.11 after additional issues surfaced.

Their advice in the release notes on the Tor Project’s website is to “update as soon as possible.”

The release notes mention several fixes affecting different parts of the Tor network. One of the most serious addresses a flaw involving onion services that, under very specific conditions, could allow a rendezvous point to impersonate the onion service a user was trying to reach. Another patch fixes a memory management issue that could potentially let a malicious exit node crash a Tor client.

There are also fixes for client stability, directory authorities, refreshed fallback directories, and updated GeoIP data. Most people don’t need to understand the technical details. What matters is that this isn’t a routine maintenance update. It’s a security release, and the project is encouraging users to install it without waiting.

That said, Tor isn’t the only browser project shipping security fixes lately. Just last week, Google rolled out Chrome updates fixing 18 security vulnerabilities, continuing a busy stretch of browser security releases across the industry. 

As Mozilla warned in a recent interview, with AI models like Claude Mythos and open source models nearing the same capabilities at a rapid pace, it’s going to be increasingly more important for users to install the latest security updates to be safe from new vulnerabilities.

Tor Browser 15.0.17 is now available through the browser’s built-in updater as well as the official download page. If you’ve been postponing updates, this is probably one you shouldn’t skip.

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.