Security News > 2021 > April > Google Chrome blocks a new port to stop NAT Slipstreaming attacks
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.
Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.
Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.
In discussions regarding whether the port should be blocked, browser developers determined that the Amanda backup software and VMWare vCenter utilize the port but would not be affected by the block.
The most concerning point regarding blocking port 10080 is that some developers may utilize it as an alternative to port 80.
If you are currently hosting a website on port 10080, you may want to consider using a different port to allow Google Chrome to continue accessing the site.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)