Please disable your adblock and script blockers to view this page

New Chrome security measure aims to curtail an entire class of Web attack


Google
Chrome
PNA
Cross-Origin Resource Sharing
DNS
Google.com
Team Cymru
VoIP
DevTools
the Ars Orbital Transmission
CNMN Collection WIRED Media Group
Condé Nast


Dan Goodin

Android
Titouan Rigoudy
Eiji Kitamura
Ars

No matching tags

No matching tags

No matching tags


Chrome

No matching tags

Positivity     28.00%   
   Negativity   72.00%
The New York Times
SOURCE: https://arstechnica.com/information-technology/2022/01/new-chrome-security-measure-aims-to-curtail-an-entire-class-of-web-attack/
Write a review: Ars Technica
Summary

Now, Google is finally doing something about it.Starting in Chrome version 98, the browser will begin relaying requests when public websites want to access endpoints inside the private network of the person visiting the site. Somewhere around Chrome 101—assuming the results of this trial run don't indicate major parts of the Internet will be broken—it will be mandatory for public sites to have explicit permission before they can access endpoints behind the browser.The planned deprecation of this access comes as Google enables a new specification known as private network access, which permits public websites to access internal network resources only after the sites have explicitly requested it and the browser grants the request. For the request to be granted, the browser must respond with the corresponding header Access-Control-Allow-Private-Network: true.Up to now, websites have by default had the ability to use Chrome and other browsers as a proxy for accessing resources inside the local network of the person visiting the site.

As said here by Dan Goodin