
Google Chrome introduces the "Private Network Access Protection" feature

Google continues to improve the security of the Chrome web browser by introducing a new feature aimed at preventing attacks through public websites on devices located on private networks. This feature, called "Private Network Access Protection," is designed to protect devices such as printers and routers that are not directly connected to the Internet.

It will be built into Google Chrome 123 and will work in "warning only" mode. The feature's main purpose is to check requests and redirects that come from public sites. In particular, it checks whether the target resource allows access from a public website, using what are known as CORS preflight requests.

The example provided by Google developers shows an HTML iframe on a public website that performs a CSRF attack, changing the DNS configuration of a visitor's router on their local network. This lets attackers change the settings of the user's network devices without the user's knowledge.

<iframe href="https://admin:admin@router.local/set_dns?server1=123.123.123.123">
</iframe>

However, thanks to the new Chrome feature, when the browser detects that a public site is trying to connect to an internal device, it blocks sending such a preliminary request. At the moment, in "warning only" mode, the feature does not block requests but shows developers a warning in the DevTools console that the check failed.
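How a device on the private network could answer that preflight, as an added example that is not from the article or from Google. The header names `Access-Control-Request-Private-Network` and `Access-Control-Allow-Private-Network` come from the Private Network Access specification; the allowlisted origin, the sample requests and the function names are assumptions made for illustration.

```javascript
// Added example: device-side decision for a Private Network Access preflight.
// ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://setup.vendor.example"]); // constructed value

// headers: object with lower-cased names, the shape Node's http module provides.
function answerPreflight(method, headers, allowed = ALLOWED_ORIGINS) {
  if (method !== "OPTIONS" || !headers["access-control-request-method"]) {
    return { status: 400, headers: {} }; // not a CORS preflight at all
  }
  const origin = headers["origin"];
  // Deny by default: an unknown or missing origin gets no CORS headers,
  // so the browser's check fails and the real request is never sent.
  if (!origin || !allowed.has(origin)) {
    return { status: 403, headers: {} };
  }
  const reply = {
    "access-control-allow-origin": origin, // echo the exact origin, never "*"
    "access-control-allow-methods": "GET, POST",
    "vary": "Origin",
  };
  // The browser adds this header when a public site targets a private address;
  // only an explicit opt-in from the device lets the request go ahead.
  if (headers["access-control-request-private-network"] === "true") {
    reply["access-control-allow-private-network"] = "true";
  }
  return { status: 204, headers: reply };
}

// Constructed sample preflights: an arbitrary public page and the vendor's setup page.
function demo() {
  const base = {
    "access-control-request-method": "GET",
    "access-control-request-private-network": "true",
  };
  return [
    answerPreflight("OPTIONS", { ...base, origin: "https://public-site.example" }),
    answerPreflight("OPTIONS", { ...base, origin: "https://setup.vendor.example" }),
  ].map((r) => r.status);
}

console.log(demo());
```

A device that never answers the preflight is in the same position as the first sample request: the check fails, which in "warning only" mode produces the DevTools warning described above.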

This new feature is another step by Google in keeping users safe online. It will help protect private networks from attacks using public websites and provide a higher level of security when using the Chrome browser.

Comments 3


Google Chrome: protects your printer from peaceful attacks!


I wonder whether it will put much load on the device? Lately I've noticed that my Google Chrome has started using a really large amount of RAM.


Agreed. That's (partly) why I use Firefox exclusively for work.
