Connections to HTTP, HTTPS or FTP servers on ports 69, 137, 161, 1719, 1720, 1723 or 6566 will fail. This is a mitigation for the NAT Slipstream 2.0 attack: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/. It helps developers by keeping the web platform safe for users.
This security fix has already shipped in version 87.0.4280.117. This intent was delayed until the vulnerability was publicly disclosed.
Safari, Firefox and Chrome have coordinated to fix this issue, so interoperability risk is small. Existing web servers on the affected ports will no longer be accessible. Since it is not common practice to run servers on these ports, the impact is expected to be small.
This is a mitigation for a known attack. The underlying issue of NAT devices being tricked into creating port forwards cannot be fixed in the browser.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAC_ixdxmy%2BnbtacO9sK2v7QhvMn_g2CQdwO8%2B2EYLb_sjEN0Ag%40mail.gmail.com.
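For operators who want to find services that stop being reachable from browsers after this change, the following is an added example (not part of the original message or of Chromium's code) that audits a URL inventory against the ports and schemes named above. The hostnames and the `auditUrls` / `classifyUrl` helpers are hypothetical, and the port set covers only the ports listed in this message, not the browsers' full restricted-port list.

```javascript
// Ports named in this announcement only; browsers restrict other ports too.
const NEWLY_BLOCKED_PORTS = new Set([69, 137, 161, 1719, 1720, 1723, 6566]);
// Schemes the announcement names as affected.
const AFFECTED_SCHEMES = new Set(["http:", "https:", "ftp:"]);

// Classify one URL string as "blocked", "ok", "other-scheme" or "invalid".
function classifyUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, same rules browsers apply
  } catch {
    return { url: raw, status: "invalid", port: null };
  }
  // url.port is "" when the scheme's default port (80, 443, 21) is in use;
  // none of those defaults is on the list.
  const port = url.port === "" ? null : Number(url.port);
  if (!AFFECTED_SCHEMES.has(url.protocol)) {
    // Not named in the announcement: report it so it gets checked separately.
    return { url: raw, status: "other-scheme", port };
  }
  const blocked = port !== null && NEWLY_BLOCKED_PORTS.has(port);
  return { url: raw, status: blocked ? "blocked" : "ok", port };
}

// Return every inventory entry that needs attention (anything not "ok").
function auditUrls(urls) {
  return urls.map(classifyUrl).filter((r) => r.status !== "ok");
}

// Constructed sample inventory (hypothetical hosts).
const SAMPLE_INVENTORY = [
  "http://printer.example.internal:6566/scan",
  "https://voip.example.internal:1720/",
  "https://intranet.example.internal/",
  "http://build.example.internal:8080/",
  "ftp://files.example.internal:69/firmware.bin",
  "http://[fd00::10]:161/status",
  "ws://chat.example.internal:1723/",
  "not a url",
];

for (const r of auditUrls(SAMPLE_INVENTORY)) {
  console.log(`${r.status.padEnd(12)} ${r.url}`);
}
```

Entries reported as `blocked` need to move to a different port before users on the fixed browser versions can reach them.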