Websites located on Tor use onion URL addresses that users can only access through the Tor network. For example, DuckDuckGo's Tor address is https://3g2upl4pq6kufc4m.onion/ and the New York Times' address is https://www.nytimes3xbfgragh.onion/.

To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network. When you attempt to connect to an onion URL, your request is proxied through volunteer-run Tor nodes that make the request for you and send back the returned HTML.

[...] However, a bug in Brave's 'Private window with Tor' mode is causing the onion URL for any Tor address you visit to also be sent as a standard DNS query to your machine's configured DNS server.

This bug was first reported in a Reddit post and later confirmed by James Kettle, the Director of Research at PortSwigger.

This issue is caused by Brave's CNAME decloaking ad-blocking feature that blocks third-party tracking scripts that use CNAME DNS records to impersonate a first-party script.

To prevent Tor URLs from being sent to configured DNS servers, Brave has disabled the CNAME ad-blocking feature when in the Tor browsing mode.
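
One way to check a local resolver for the leak described above: this added example (not from Brave or the original article) scans dnsmasq-style query log lines for `.onion` names, which RFC 7686 says should never be looked up through DNS. The log format, client IPs and sample lines are constructed assumptions; the two onion names are the ones quoted in the article.

```python
import re
from collections import defaultdict

# Assumed log source: dnsmasq with "log-queries" -> "query[TYPE] NAME from CLIENT"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")
# Onion service label: 16 base32 characters (v2) or 56 (v3)
ONION_LABEL_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

def onion_label(name):
    """Return the label left of the .onion TLD, or None if the TLD is not onion."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        return None
    return labels[-2]

def find_onion_leaks(lines):
    """Map client IP -> list of (qtype, name, well_formed) for leaked .onion queries."""
    leaks = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # "forwarded"/"reply" lines and unrelated log entries
        label = onion_label(m["name"])
        if label is None:
            continue
        name = m["name"].lower().rstrip(".")
        # well_formed separates real onion addresses from typos or test names
        leaks[m["client"]].append(
            (m["qtype"], name, bool(ONION_LABEL_RE.match(label))))
    return dict(leaks)

# Constructed sample log lines (not captured traffic)
SAMPLE_LOG = """\
Feb 19 10:01:02 dnsmasq[812]: query[A] duckduckgo.com from 192.168.1.23
Feb 19 10:01:07 dnsmasq[812]: query[A] 3g2upl4pq6kufc4m.onion from 192.168.1.23
Feb 19 10:01:07 dnsmasq[812]: forwarded 3g2upl4pq6kufc4m.onion to 192.0.2.53
Feb 19 10:01:09 dnsmasq[812]: query[AAAA] www.nytimes3xbfgragh.onion. from 192.168.1.23
Feb 19 10:02:15 dnsmasq[812]: query[A] onion.example.com from 192.168.1.40
Feb 19 10:02:20 dnsmasq[812]: query[A] test.onion from 192.168.1.40
""".splitlines()

if __name__ == "__main__":
    for client, hits in find_onion_leaks(SAMPLE_LOG).items():
        for qtype, name, ok in hits:
            print(f"{client} leaked {qtype} query for {name} (well-formed={ok})")
```

Any hit means a client handed an onion hostname to the configured DNS server; the per-client grouping shows which machine to inspect.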