Security News > 2020 > November > Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole
Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users.
At a high level, an attacker could remotely exploit the flaw by persuading a victim to visit a specially crafted website.
"NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall, just by the victim visiting a website," Kamkar said in his analysis of the issue.
NAT Slipstreaming exploits the user's browser in conjunction with ALG. "This attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet injection technique across all major modern browsers, and is a modernized version to my original NAT Pinning technique from 2010," said Kamkar.
Kamkar said he doesn't consider NAT Slipstreaming to be technically a flaw as there's no actual "Bug" in browsers or routers and both are doing exactly as they're supposed to.
News URL
https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google says new scam protection feature in Chrome uses AI (source)