Security News > 2020 > November > Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole
Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users.
At a high level, an attacker could remotely exploit the flaw by persuading a victim to visit a specially crafted website.
"NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall, just by the victim visiting a website," Kamkar said in his analysis of the issue.
NAT Slipstreaming exploits the user's browser in conjunction with ALG. "This attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet injection technique across all major modern browsers, and is a modernized version to my original NAT Pinning technique from 2010," said Kamkar.
Kamkar said he doesn't consider NAT Slipstreaming to be technically a flaw as there's no actual "Bug" in browsers or routers and both are doing exactly as they're supposed to.
News URL
https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/
Related news
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)