Security News > 2021 > March > Google Chrome to block port 554 to stop NAT Slipstreaming attacks
Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability.
Last year, security researchers disclosed a new version of the NAT Slipstreaming vulnerability that allows malicious scripts to bypass a website visitor's NAT firewall and access any TCP/UDP port on the visitor's internal network.
In January 2021, Google blocked HTTP, HTTPS, and FTP access to an additional seven ports: ports 69, 137, 161, 1719, 1720, 1723, and 6566.
In the past, Google also blocked port 554 but removed the block after complaints from enterprise users.
Google and Safari developers are also discussing blocking access to port 10080, which Firefox already blocks, but are hesitant due to legitimate web browser requests to that port.
Once a port is blocked, when a user attempts to connect to it, users are shown an error message stating 'ERR UNSAFE PORT.'.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)