'Once the Tor Browser user goes to the website, the operating system can connect directly to the remote host and not through Tor Browser'. That way, Tor will not go through the switch relay and expose the real IP address.
'We still haven't seen this vulnerability exploited in practice,' said Tor Project. But an attacker can use reverse engineering and delete the patched code. A good programmer can easily understand how the bug works and exploit it.
Developers also said the patch to fix IP leaks is just a temporary solution, to help prevent IP leaks as quickly as possible, the file: // URL function may not work in some cases. . According to Tor developers, users can open the file: // URL by dragging and dropping the link to the new tab.