Security News > 2021 > April > Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.
Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.
Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.
In discussions regarding whether the port should be blocked, browser developers determined that the Amanda backup software and VMWare vCenter utilize the port but would not be affected by the block.
The most concerning point regarding blocking port 10080 is that some developers may utilize it as an alternative to port 80.
If you are currently hosting a website on port 10080, you may want to consider using a different port to allow Google Chrome to continue accessing the site.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)