Security News > 2020 > November > Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole
Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users.
At a high level, an attacker could remotely exploit the flaw by persuading a victim to visit a specially crafted website.
"NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall, just by the victim visiting a website," Kamkar said in his analysis of the issue.
NAT Slipstreaming exploits the user's browser in conjunction with ALG. "This attack takes advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers; the attack performs this new packet injection technique across all major modern browsers, and is a modernized version to my original NAT Pinning technique from 2010," said Kamkar.
Kamkar said he doesn't consider NAT Slipstreaming to be technically a flaw as there's no actual "Bug" in browsers or routers and both are doing exactly as they're supposed to.
News URL
https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)