Security News > 2021 > April > Google Chrome blocks a new port to stop NAT Slipstreaming attacks

Google Chrome blocks a new port to stop NAT Slipstreaming attacks
2021-04-08 20:50

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.

In discussions regarding whether the port should be blocked, browser developers determined that the Amanda backup software and VMWare vCenter utilize the port but would not be affected by the block.

The most concerning point regarding blocking port 10080 is that some developers may utilize it as an alternative to port 80.

If you are currently hosting a website on port 10080, you may want to consider using a different port to allow Google Chrome to continue accessing the site.


News URL

https://www.bleepingcomputer.com/news/security/google-chrome-blocks-a-new-port-to-stop-nat-slipstreaming-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702