The restrictions will arrive with the browser's implementation of the Private Network Access specification in the first half of 2022.
The Chrome browser will soon start blocking sites from sending requests to and interacting with devices and servers on local private networks. The reason is security concerns and known cases of abuse.
The changes will be implemented by rolling out a new W3C specification called Private Network Access (PNA) to the browser in the first half of 2022. The new PNA specification adds a mechanism to Chrome through which sites can ask systems on local networks for permission to establish a connection.
Chrome will start sending a CORS preflight request before any private network request for a subresource, Google explained. This preflight request is an explicit request for permission from the target server. The preflight request will contain the new Access-Control-Request-Private-Network: true header, and the response will also need to contain the Access-Control-Allow-Private-Network: true header.
If local devices (servers, routers, etc.) do not respond, sites will not connect to them.
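The header exchange described above, seen from the device's side, as an added example that is not Chrome's or any vendor's code. The allowlisted origin https://admin.example.com, the function names and the allowed methods are assumptions made for illustration; only the two Private-Network header names come from the article.

```javascript
// Added example, not Chrome's or any vendor's code.
// Constructed allowlist: the only public origin allowed to reach this device.
const ALLOWED_ORIGINS = new Set(["https://admin.example.com"]);

// Decide how to answer a request. `headers` uses lower-case names, as Node's
// http module delivers them. Returns null when the request is not a preflight.
function pnaPreflightResponse(method, headers, allowed = ALLOWED_ORIGINS) {
  const isPreflight =
    method === "OPTIONS" && headers["access-control-request-method"] !== undefined;
  if (!isPreflight) return null;

  const origin = headers["origin"];
  if (!origin || !allowed.has(origin)) {
    // No CORS or PNA headers: the browser treats the preflight as failed
    // and never sends the actual request to the device.
    return { status: 403, headers: {} };
  }

  const out = {
    "Access-Control-Allow-Origin": origin, // echo only allowlisted origins
    "Access-Control-Allow-Methods": "GET, POST",
    "Vary": "Origin",
  };
  // Grant private network access only when the browser asked for it.
  if (headers["access-control-request-private-network"] === "true") {
    out["Access-Control-Allow-Private-Network"] = "true";
  }
  return { status: 204, headers: out };
}

// Request handler suitable for http.createServer(handle) on the device.
function handle(req, res) {
  const decision = pnaPreflightResponse(req.method, req.headers);
  if (decision) {
    res.writeHead(decision.status, decision.headers);
    return res.end();
  }
  // Actual request: CORS still requires Allow-Origin on the real response.
  const origin = req.headers["origin"];
  const cors = ALLOWED_ORIGINS.has(origin) ? { "Access-Control-Allow-Origin": origin } : {};
  res.writeHead(200, { "Content-Type": "text/plain", ...cors });
  res.end("device status: ok\n");
}
```

A device that never answers the preflight, or answers without Access-Control-Allow-Private-Network: true, stays unreachable from public sites, which is the default the specification is designed to produce.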
Since the early 2010s, cybercriminals have realized that browsers can be used as proxies to connect to internal corporate networks. For example, a malicious site may contain code that tries to connect to an IP address like 192.168.0.1, which is the address of most router administration panels.
When users visit such a malicious site, their browsers can automatically query the router without the users’ knowledge, sending malicious code capable of bypassing the router’s authentication and modifying its settings. This type of attack is not merely theoretical; it is periodically used in practice.
Variants of these attacks can also target other local systems such as internal servers, domain controllers, firewalls, and even locally deployed applications (via http://localhost or other locally defined domains).
By adding the PNA specification to Chrome and its permission negotiation system, Google intends to prevent such automated attacks.
According to Google, PNA is already shipping with Chrome 96, but full support will roll out this year in two phases to Chrome 98 (early March) and Chrome 101 (late May).
Possibly hundreds of millions of smartphones are at risk. A vulnerability has been discovered that manufacturers are in no hurry to fix
Google's Project Zero has published information about a new vulnerability, CVE-2022-33917, that affects millions of smartphones.
The vulnerability is in Mali GPUs, which are used in a huge number of single-chip systems. Google does not specify which ones, but the Arm website states that the vulnerability affects solutions based on the Valhall architecture. That covers a huge number of graphics cores that have been and are being used in SoCs in recent years, including the latest Mali-Gx10. In other words, the number of vulnerable devices is not millions of smartphones but rather hundreds of millions of devices based on MediaTek, Exynos and Tensor SoCs.
Arm itself patched the vulnerability some time ago, but the problem is that many vendors still haven’t implemented those patches. This applies to many devices from Samsung, Xiaomi, Oppo and even Google itself.
If exploited, the vulnerability would allow an attacker to read and write physical pages after they have been returned to the system, potentially gaining wide access to user data.
Elon Musk invited a famous hacker of iPhone and PlayStation consoles to Twitter
Elon Musk hired a hacker who created the world’s first iPhone jailbreak in 2007 and bypassed Sony consoles in 2010. The hacker is George Hotz, known by the nickname Geohot. He also founded the startup Comma.ai, where an autopilot system for cars is being developed.
In 2015, Hotz began building his own autopilot and offered Musk a license. Instead, the businessman invited the specialist to join Tesla, but Hotz refused.
On November 16, Hotz wrote on Twitter that he supports Musk’s decisions about the “hardcore mode of operation.” He also stated that he was ready for an internship at Twitter with minimum pay equal to the cost of living in San Francisco. Musk answered and invited the developer to Twitter.
First, the specialist will improve the advanced search in the social network so that users no longer set filters manually.
Earlier it was reported that Musk took up the “fire servers.”
Hackers hacked one of Nvidia’s Twitter accounts to “advertise” Dogecoin
The official Nvidia Taiwan Twitter account has been hacked.
This account has been inactive since 2019, but today it unexpectedly published posts related to the Dogecoin cryptocurrency. Given the recent purchase of Twitter by Elon Musk and his love for this cryptocurrency, the situation looks quite funny.
Be that as it may, the attackers published a post about a certain Dogeathon 2022 event and added a link to the post. Of course, the link was used for phishing.
The account is currently suspended. Nvidia itself has not yet commented on the situation.