This new Google Chrome feature will block attacks on home networks

Google is currently testing a new feature aimed at protecting users on private networks from attacks originating from malicious public websites. This feature, called "Private network access checks for navigation requests," will be available in the upcoming Google Chrome 123 browser, initially in a "warning only" mode.

Private network access checks for navigation requests in Chrome

The feature checks navigation requests made by public sites, including any redirects from them, and uses CORS-preflight requests to determine whether the target resource allows access from a public website. An example provided by Google demonstrates how an HTML iframe on a public website could perform a CSRF attack to change the DNS configuration of a visitor's router on their local network.

<iframe href="https://admin:admin@router.local/set_dns?server1=123.123.123.123"></iframe>

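If the browser detects that a public site is attempting to connect to an internal device, it first sends a preliminary (preflight) request to that device and blocks the connection unless the device allows it. The preflight carries the “Access-Control-Request-Private-Network” header, and the device can allow the request by answering with the “Access-Control-Allow-Private-Network: true” response header.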
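The device side of that preflight exchange can be sketched as follows. This is an added example, not code from Google or from this article: it shows a local device's web interface answering the preflight with "Access-Control-Allow-Private-Network: true" only for origins on an allow-list. The function name, the allow-list and the sample origins are assumptions made up for illustration.

```javascript
// Hypothetical allow-list: the only public origin this device trusts (constructed value).
const ALLOWED_ORIGINS = new Set(["https://setup.vendor.example"]);

// HTTP header names are case-insensitive, so normalise them before lookup.
function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
}

// Returns { status, headers } for a Private Network Access preflight,
// or null when the request is not such a preflight and should be handled normally.
function pnaPreflightResponse(method, headers, allowed = ALLOWED_ORIGINS) {
  const h = lowerKeys(headers);
  const isPreflight =
    method.toUpperCase() === "OPTIONS" &&
    h["access-control-request-private-network"] === "true";
  if (!isPreflight) return null;

  const origin = h["origin"];
  // Deny by default: without the allow header the browser blocks the request.
  if (!origin || !allowed.has(origin)) {
    return { status: 403, headers: { Vary: "Origin" } };
  }
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin, // echo the exact origin, never "*"
      "Access-Control-Allow-Private-Network": "true",
      "Access-Control-Allow-Methods": "GET",
      Vary: "Origin",
    },
  };
}

// Constructed sample preflights: one from an unknown public site, one from the trusted origin.
const fromUnknownSite = {
  Origin: "https://public-site.example",
  "Access-Control-Request-Method": "GET",
  "Access-Control-Request-Private-Network": "true",
};
const fromTrustedSite = { ...fromUnknownSite, Origin: "https://setup.vendor.example" };

console.log(pnaPreflightResponse("OPTIONS", fromUnknownSite).status); // 403
console.log(pnaPreflightResponse("OPTIONS", fromTrustedSite).status); // 204
```

Answering the preflight is an opt-in signal to the browser only; state-changing endpoints on the device still need their own authentication and CSRF protection.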

Initial version of the feature

During the warning stage, the feature will not automatically block requests, but instead, developers will see a warning in the DevTools console indicating that the verification failed. Google advises against automatically reloading the browser, as this could allow the request to go through even after being blocked. To prevent this, the company suggests blocking page auto-reload. This will prompt an error message instructing users to manually reload the page to resolve the request.

You can learn more here.

Author: Sergey Tkachenko
