October 3, 2023

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

A new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors’ NAT firewall and gain access to any TCP/UDP port on the visitor’s internal network modifies routing config and gain access to private network

As this vulnerability only works on specific ports monitored by a router’s Application Level Gateway (ALG), browser developers have been blocking vulnerable ports that do not receive a lot of traffic.

Google Chrome is blocking FTP, HTTP, and HTTPS access on ports 69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061, and 6566 till now. Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.

It is an attractive port for HTTP because it ends in in “80” and does not require root privileges to bind on Unix systems. Once a port is blocked, users are shown an error message stating ‘ERR_UNSAFE_PORT‘ when they attempt to access the port.

If you are currently hosting a website on port 10080, you may want to consider using a different port to allow Google Chrome to continue accessing the site.

Tags:

Leave a Reply

Related Post

Chrome Tailgates IE fix 0 Day

June 10, 2021

Google now let you Untrusted Extension

June 6, 2021

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: