Connect with us
Chrome will restrict access to private networks for security reasons Chrome will restrict access to private networks for security reasons

Security

Chrome will restrict access to private networks for security reasons

Published

on

The restrictions will be implemented through the implementation of the Private Network Access specification in the browser in the first half of 2022.

image

Chrome browser coming soon will start block sites from responding to and interacting with devices and servers on local private networks. The reason is security concerns and known cases of abuse.

The changes will be implemented by rolling out a new W3C specification called Private Network Access (PNA) to the browser in the first half of 2022. The new PNA specification adds a mechanism to Chrome through which sites can ask systems on local networks for permission to establish a connection.

Chrome will start sending a CORS pre-request before any private networks request for a subresource, Google explained. This preflight request is an explicit permission request from the target server. The preflight request will contain the new Access-Control-Request-Private-Network: true header, and the response will also need to contain the Access-Control-Allow-Private-Network: true header.

If local devices (servers, routers, etc.) do not respond, sites will not connect to them.

Since the early 2010s, cybercriminals have realized that browsers can be used as proxies to connect to internal corporate networks. For example, a malicious site may contain code that tries to connect to an IP address like 192.168.0.1, which is the address of most router administration panels.

When users visit such a malicious site, their browsers can automatically query the router without the users’ knowledge, sending malicious code capable of bypassing the router’s authentication and modifying its settings. This type of attack is not only theoretical and is periodically used in practice.

Variants of these attacks can also attack other local systems such as internal servers, domain controllers, firewalls, and even locally deployed applications (via a domain http://localhost or other locally defined domains).

By adding the PNA specification to Chrome and its permission negotiation system, Google intends to prevent such automated attacks.

According to Google, PNA is already shipping with Chrome 96, but full support will roll out this year in two phases to Chrome 98 (early March) and Chrome 101 (late May).

.

Click to comment

Leave a Reply

Your email address will not be published.

Phones

Possibly hundreds of millions of smartphones are at risk. A vulnerability has been discovered that manufacturers are in no hurry to fix

Published

on

Possibly hundreds of millions of smartphones are at risk A

Google, as part of its Project Zero project, has published information about a new vulnerability CVE-2022-33917 that affects millions of smartphones.

Possibly hundreds of millions of smartphones are at risk.  A vulnerability has been discovered that manufacturers are in no hurry to fix

The fact is that we are talking about a vulnerability in Mali GPUs, which are used in a huge number of single-chip systems. Google does not specify, but the Arm website has information that the vulnerability affects solutions based on the Valhall architecture. And this means that we are talking about a huge number of graphics cores that have been and are being used in SoCs in recent years, including the latest Mali-Gx10. That is, we are not talking about millions of vulnerable smartphones, but rather hundreds of millions of devices based on SoC MediaTek, Exynos and Tensor.

Arm itself patched the vulnerability some time ago, but the problem is that many vendors still haven’t implemented those patches. This applies to many devices from Samsung, Xiaomi, Oppo and even Google itself.

If exploited, the vulnerability is intended to allow an attacker to read and write physical pages after they are returned to the system, potentially gaining wide access to user data.

Continue Reading

Gaming

Elon Musk invited a famous hacker of iPhone and PlayStation consoles to Twitter

Published

on

Elon Musk invited a famous hacker of iPhone and PlayStation

Elon Musk hired a hacker who created the world’s first iPhone jailbreak in 2007 and bypassed Sony consoles in 2010. We are talking about George Hotz (George Hotz), known under the nickname Geohot. He also founded the startup Comma.ai, where an autopilot system for cars is being developed.

Elon Musk invited a famous hacker of iPhone and PlayStation consoles to Twitter

In 2015, Hotz began building his own autopilot and offered Musk a license. Instead, the businessman invited a specialist to Tesla, but Hotz refused.

A November 16 Hotz wrote on Twitter, which supports Musk’s decisions about the “hardcore mode of operation.” He also stated that he was ready for an internship at Twitter with a minimum pay that is equal to the cost of living in San Francisco. Musk answered and invited the developer to Twitter.

Elon Musk invited a famous hacker of iPhone and PlayStation consoles to Twitter

George Hotz

First, the specialist will improve the advanced search in the social network so that users no longer set filters manually.

Earlier it was reported that Musk took up the “fire servers.”

Continue Reading

Security

Hackers hacked one of Nvidia’s Twitter accounts to “advertise” Dogecoin

Published

on

Hackers hacked one of Nvidias Twitter accounts to advertise Dogecoin

The official Nvidia Taiwan Twitter account has been hacked.

Hackers hacked one of Nvidia's Twitter accounts to

This account has been inactive since 2019, but today unexpectedly posted posts related to the Dogecoin cryptocurrency. Given the recent purchase of Twitter by Elon Musk and his love for this cryptocurrency, the situation looks quite funny.

Be that as it may, the attackers published a record about a certain Dogeathon 2022 event and added a link to the record. Of course, the link was used for phishing.

The account is currently suspended. Nvidia itself has not yet commented on the situation.

Continue Reading

Most Popular