Tor Browser 15 Strips AI, Patches Critical Exploits
The Tor Project just released version 15.0 with a clear message: you cannot have maximum privacy while sending all your data to AI servers.
Tor Browser 15.0 dropped October 28, 2025, and the biggest change is what the developers deleted. Mozilla spent months building AI chatbot integrations into Firefox, adding sidebar access to ChatGPT, Claude, and Google Gemini. Tor ripped all of it out.
The rationale was direct: "Machine learning systems and platforms are inherently un-auditable from a security and privacy perspective." There is no technical method to verify what these systems do with your data. Since Tor's purpose is preserving anonymity against state-level adversaries, shipping code that phones home to AI companies would undermine everything.
This puts Tor in direct opposition to the entire browser industry. Chrome pushes Gemini. Edge defaults to Copilot. Safari added Apple Intelligence. Mozilla positioned its AI features as essential modernization. Tor called it incompatible with privacy and deleted them.

Tor Browser 15.0 is built on Firefox ESR 140, Mozilla's Extended Support Release. ESR versions bundle a year's worth of changes from monthly Firefox releases. The Tor team conducted an "ESR transition audit," reviewing approximately 200 issues where Firefox modifications could damage privacy or security. Every feature Mozilla shipped got re-evaluated through actual threat modeling.
That audit matters because browsers ship with massive attack surfaces. Mozilla fixed five high-severity vulnerabilities in Firefox ESR 140.1 plus another seven in ESR 140.4. These were exploitable bugs allowing arbitrary code execution.
CVE-2025-8027 hit 64-bit platforms where IonMonkey's JIT compiler only wrote 32 bits of a 64-bit return value to the stack. Attackers could exploit this to manipulate program execution flow. CVE-2025-8028 affected Arm64 systems running WebAssembly. Excessive entries in a br_table instruction caused label truncation, making the processor jump to wrong memory addresses.

CVE-2025-11708 was a use-after-free bug in MediaTrackGraphImpl::GetInstance(). The program frees memory, continues using it, and attackers can fill that freed space with malicious data structures the program then executes. CVE-2025-11709 showed how process isolation fails. A compromised web content process could trigger out-of-bounds reads and writes in privileged browser processes using manipulated WebGL textures. WebGL passes GPU commands across process boundaries. If the web process lies about texture dimensions, the GPU process might read or write beyond allocated buffers, leaking data or corrupting memory in a higher-privilege process.
CVE-2025-11710 exploited inter-process communication. Malicious IPC messages from a compromised web process could force the privileged browser process to leak memory contents. Modern browsers use multi-process architectures to contain exploits. These bugs proved that process boundaries alone do not guarantee security when IPC channels are not hardened.
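The receiving-side check these bugs call for, as an added example that is not Firefox or Tor Browser code: a privileged process validates a texture update from an untrusted sender against its own allocation before copying anything. The wire format, `MAX_DIM` and every function name are constructed for illustration.

```python
import struct

# Constructed wire format (not Firefox's IPC): four little-endian u32 fields
# x, y, width, height, followed by RGBA8 pixel bytes.
HEADER = struct.Struct("<IIII")
BPP = 4            # bytes per pixel
MAX_DIM = 16384    # assumed cap on texture side length

class RejectedMessage(ValueError):
    """A message from the untrusted process failed validation."""

def build_msg(x, y, w, h, pixels):
    """Sender side: the content process controls every field here."""
    return HEADER.pack(x, y, w, h) + pixels

def parse_sub_image(msg, tex_w, tex_h):
    """Check sender-declared geometry against receiver-owned facts."""
    if len(msg) < HEADER.size:
        raise RejectedMessage("short header")
    x, y, w, h = HEADER.unpack_from(msg)
    payload = memoryview(msg)[HEADER.size:]
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
        raise RejectedMessage("dimensions out of range")
    # Write side: the rectangle must fit the texture the receiver allocated.
    # The subtraction form stays correct in fixed-width (C/C++) arithmetic too.
    if w > tex_w or x > tex_w - w or h > tex_h or y > tex_h - h:
        raise RejectedMessage("rectangle outside texture")
    # Read side: the bytes actually received must equal the declared size.
    if len(payload) != w * h * BPP:
        raise RejectedMessage("payload length does not match dimensions")
    return x, y, w, h, payload

def apply_sub_image(texture, tex_w, tex_h, msg):
    """Copy a validated update row by row into the receiver's buffer."""
    x, y, w, h, payload = parse_sub_image(msg, tex_w, tex_h)
    row = w * BPP
    for r in range(h):
        dst = ((y + r) * tex_w + x) * BPP
        texture[dst:dst + row] = payload[r * row:(r + 1) * row]

if __name__ == "__main__":
    tex = bytearray(4 * 4 * BPP)          # receiver owns a 4x4 texture
    apply_sub_image(tex, 4, 4, build_msg(1, 1, 2, 2, b"\xff" * 16))
    try:                                  # sender claims 4x4, sends 2x2 worth
        apply_sub_image(tex, 4, 4, build_msg(0, 0, 4, 4, b"\xff" * 16))
    except RejectedMessage as exc:
        print("rejected:", exc)
```

The texture size comes from the receiver's own bookkeeping, never from the message, which is what keeps a lying sender from steering the copy.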

CVE-2025-8031 leaked HTTP credentials in Content Security Policy violation reports. When a page with HTTP Basic Auth triggered a CSP violation, Firefox sent the username:password credentials to the CSP reporting endpoint. CSP reports often go to third-party analytics services. This design flaw handed credentials to whoever configured the CSP reporting URI.
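For operators of a CSP reporting endpoint, a collector-side scrub that strips `user:password@` from URL fields before a report is logged or forwarded, as an added example (not Mozilla or Tor Project code). The sample report, host name and credentials are constructed, and `scrub_report` and `strip_userinfo` are hypothetical helper names.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# URL-valued fields of a report-uri style CSP report body.
URL_FIELDS = ("document-uri", "referrer", "blocked-uri", "source-file")

def strip_userinfo(url):
    """Return (url_without_userinfo, had_userinfo)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "[unparseable-url]", False   # never store what we cannot clean
    _userinfo, at, host = parts.netloc.rpartition("@")
    if not at:
        return url, False                   # keywords like "inline" pass through
    return urlunsplit(parts._replace(netloc=host)), True

def scrub_report(raw):
    """Parse one report; return (clean_report, fields_that_had_credentials)."""
    report = json.loads(raw)
    body = report.get("csp-report") if isinstance(report, dict) else None
    if not isinstance(body, dict):
        raise ValueError("not a csp-report document")
    leaked = []
    for field in URL_FIELDS:
        value = body.get(field)
        if isinstance(value, str):
            body[field], had_creds = strip_userinfo(value)
            if had_creds:
                leaked.append(field)
    return report, leaked

# Constructed sample report; host and credentials are placeholders.
SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://alice:s3cret@intranet.example/app?x=1",
    "referrer": "",
    "blocked-uri": "inline",
    "violated-directive": "script-src 'self'",
}}).encode()

if __name__ == "__main__":
    clean, leaked = scrub_report(SAMPLE)
    print(json.dumps(clean, indent=2))
    print("fields that carried credentials:", leaked)
```

A non-empty `leaked` list is worth alerting on: the credential already left the browser, so it should be rotated even though the stored copy is clean.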
CVE-2025-8032 let XSLT documents bypass Content Security Policy entirely. CSP restricts where pages can load resources. XSLT transformations in Firefox ignored these restrictions, allowing attackers to load malicious scripts even when CSP should block them.

Tor Browser 15 inherits fixes for all these vulnerabilities plus features Mozilla built for Firefox 136-140. Vertical tabs move tabs from the top to a sidebar. Tab groups let you drag one tab onto another to create collapsible, color-coded collections. Users with dozens of tabs can organize them into logical categories instead of scrolling through endless favicons.
Android users get screen lock, which automatically locks the browser when switching to another app. Returning requires fingerprint, face recognition, or passcode authentication. Mobile phones get grabbed, handed to others, or left unattended. Screen lock protects against casual snooping.
The Tor team cleaned up branding. Previous versions still showed Firefox and Mozilla elements. Version 15 removed all of it. Every Mozilla service integration is a potential data leak. Stripping out references to Firefox Sync, Mozilla accounts, and telemetry systems reduces attack surface. The browser now consistently displays full URL protocols in the address bar, showing https:// instead of hiding it. Seeing the full URL helps users verify they connected to the intended site over a secure channel.

WebAssembly restrictions moved from browser preferences to the NoScript extension. NoScript blocks scripts by default. Moving WebAssembly control to NoScript allows the built-in PDF renderer to function at higher security levels while still letting users block WASM on untrusted sites. WebAssembly can be abused for fingerprinting and cryptomining, so granular control matters.
Tor Browser 15 will be the last major release supporting x86 CPU architectures on Linux and Android, plus Android 5.0-7.0. These platforms receive security patches until Tor Browser 16.0 arrives mid-2026, then support ends. Android 5.0 launched in 2014. Maintaining compatibility with decade-old operating systems limits what security features can be implemented. Modern exploit mitigations require newer kernel features. Ending support allows the Tor team to adopt hardening techniques unavailable on ancient systems.

Tor Browser development operates on a different model than commercial browsers. Google pays thousands of engineers for Chrome. Mozilla has hundreds for Firefox. The Tor Project has a small team funded through donations and grants. Every feature decision involves tradeoffs. That resource constraint informs the AI removal. Maintaining AI integrations requires testing against multiple vendor APIs, monitoring for privacy violations, and handling API changes. Every line of code touching external services expands the attack surface. Deleting that code entirely is cheaper, faster, and more secure.
Mozilla claims AI features are optional. Users can disable them in settings. That argument ignores how software gets used. Default settings determine behavior for most users. Shipping AI integrations as opt-out features means most people will use them without understanding implications. Deleting them entirely is the only option guaranteeing they cannot leak data.
The phrase "un-auditable" in the Tor Project's explanation matters. Modern AI systems are neural networks with billions of parameters trained on datasets scraped from the internet. Behavior emerges from training data and architectures too complex for humans to fully understand. Companies cannot explain why their models produce specific outputs. If creators cannot explain their own systems, third-party auditors cannot verify them. Security auditing requires understanding what code does, identifying failure modes, and confirming it behaves correctly under adversarial conditions. Neural networks resist this analysis.
Tor Browser 15 represents a clear philosophical stance: privacy tools should not include components that undermine their core mission.
AI integrations fail that test. No matter how useful chatbots might be, shipping them in a browser designed for anonymity contradicts the fundamental purpose.
The updates to tab management, security patches, and quality improvements demonstrate that rejecting AI does not mean rejecting progress. Vertical tabs and tab groups improve usability. Screen lock enhances mobile security. Fixing memory corruption bugs and IPC exploits protects against real attacks.
You can have a modern, functional browser without integrating machine learning models operated by companies with massive data collection operations. Tor Browser 15 proves it. The question facing the rest of the browser industry is whether they will follow that model or continue down the path of datafication dressed up as innovation.
Download Tor Browser 15.0 from the official website. Verify the signature. Route your traffic through the network. The tools exist. Use them.