New Google Chrome feature blocks attacks against home networks

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on your computer. People usually consider these devices safe as they're not directly connected to the internet and are protected by a router. "To prevent malicious websites from pivoting through the user agent's network position to attack devices and services which reasonably assumed they were unreachable from the Internet at large, by virtue of residing on the user's local intranet or the user's machine," Google described the idea in a support document.

The proposed "Private Network Access protections" feature, which will be in a "warning-only" mode in Chrome 123, conducts checks before a public website (referred to as "site A") directs a browser to visit another site (referred to as "site B") within the user's private network. 

While in the warning stage, even if the checks fail, the feature won't block the requests. Instead, developers will see a warning in the DevTools console, giving them time to adjust before stricter enforcement begins. The motivation behind this development is to prevent malicious websites on the internet from exploiting flaws on devices and servers in users' internal networks, which were presumed safe from internet-based threats.

Bleeping Computer 02/17/2024