November 26, 2020

Chrome v87 fixes NAT Slipstreaming attack

2 min read

Google has released Chrome 87. Alongside the new features and performance improvements in this version, it ships one security fix that deserves a closer look.

This article covers that fix: a major security issue addressed in Chrome 87 which, in principle, affects every mainstream browser, not just Chrome.

The attack is called NAT Slipstreaming. In essence, JavaScript on a malicious web page makes the victim's browser send ordinary-looking traffic whose payload is crafted to look like a SIP message; the router's NAT mistakes it for a real SIP session and opens an inbound port to the victim's machine, so the attack gets through the firewall.

NAT (network address translation) is what lets one public IPv4 address be shared by many devices. Because public IPv4 addresses are scarce, ISPs and home routers usually give users private addresses behind NAT rather than a public address of their own.

The advantage of NAT is that it conserves scarce IPv4 addresses. The disadvantage is that a host behind NAT cannot accept unsolicited inbound connections, which gets in the way of peer-to-peer applications and some network performance optimizations.

That same limitation is also a security benefit: as long as the user has no public address, an attacker on the Internet cannot, in principle, reach the user's machine directly over the network.

By contrast, when a router has a vulnerable service and is exposed on the Internet on a public address, an attacker can find the open port with an automated scanner and attack it.

NAT Slipstreaming defeats that protection: it gets the router to open a port through the NAT and firewall to an internal machine, and it does so from inside the browser, using ports the browser had not previously restricted. All the attacker needs is to lure the user into visiting a malicious web page.

Although the stable Chrome release addresses the problem, it is only a mitigation; it does not eliminate the underlying issue.

There are several ways to address the flaw, but each of them has side effects for users.

For example, the SIP ALG (application-layer gateway, the router's connection-tracking helper that inspects and rewrites SIP traffic) can be disabled in the router's NAT firewall, but once it is off, VoIP calls through that router may stop working.

And even if the SIP ALG is fixed, SIP is only one piece: other ALGs on the same router can expose the same class of problem, and patching them is not easy for hardware vendors.

The researcher who discovered the vulnerability, Samy Kamkar, notes that every protocol and feature involved behaves according to its standard; the problem arises only when they are combined and interact in complex ways.

The Chrome update stops attackers from using Chrome as the proxy that launches the attack. Google's fix is to add ports 5060 and 5061 (the standard SIP ports) to the browser's list of restricted ports, so HTTP, HTTPS and FTP connections to them are refused.

With those ports blocked, a web page can no longer make Chrome send a request to the SIP port, so the router's SIP ALG never sees the crafted payload; in theory, the attacker can no longer use Chrome and these ports to get through the firewall and NAT to the internal network.
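To make the mechanism concrete, the following is an added toy model of the two halves described above (the browser sending a crafted payload, and the router's SIP ALG acting on it) together with the port block that Chrome 87 introduced. It is example code written for this article, not Chrome's implementation and not any router vendor's ALG. The hostnames, the private address 192.168.1.23, port 4444 and the SIP text are constructed sample data, and the ALG's parsing is deliberately simplified.

```javascript
// Added example for this article: a simplified model of NAT Slipstreaming and of the
// Chrome 87 mitigation. Not Chrome's code, not a real ALG. All addresses, ports and
// payloads below are constructed for illustration.

// The standard SIP ports. Chrome 87 added both to its restricted-port list.
const SIP_PORTS = new Set([5060, 5061]);

// --- Victim side: the browser, with or without the port block --------------------
// Returns the TCP flow it would put on the wire, or throws if the port is refused.
function browserSend(url, body, { blockSipPorts }) {
  const u = new URL(url);
  const port = Number(u.port || (u.protocol === "https:" ? 443 : 80));
  if (blockSipPorts && SIP_PORTS.has(port)) {
    // Chrome reports this as ERR_UNSAFE_PORT; the request never leaves the browser.
    throw new Error(`ERR_UNSAFE_PORT: refusing to connect to port ${port}`);
  }
  const request =
    `POST ${u.pathname} HTTP/1.1\r\nHost: ${u.host}\r\n` +
    `Content-Length: ${body.length}\r\n\r\n${body}`;
  return { dstPort: port, payload: request };
}

// --- Router side: a toy SIP ALG --------------------------------------------------
// A SIP ALG watches traffic to the SIP port and, when it sees a REGISTER whose
// Contact header names a private address, creates an inbound mapping so the
// registrar can reach the phone. It matches on the SIP text it finds in the stream,
// not on whether the sender meant it as SIP, which is why SIP text carried inside
// an HTTP body is enough. Records any pinhole it opens in `pinholes`.
function toySipAlg(flow, pinholes) {
  if (!SIP_PORTS.has(flow.dstPort)) return false; // not SIP traffic, ignore
  const lines = flow.payload.split("\r\n");
  if (!lines.some((l) => l.startsWith("REGISTER sip:"))) return false;
  const contact = lines.find((l) => /^Contact:/i.test(l));
  const m = contact && contact.match(/<sip:[^@>]*@(\d{1,3}(?:\.\d{1,3}){3}):(\d+)>/);
  if (!m) return false;
  const [, host, port] = m;
  // This toy only maps RFC 1918 hosts; real ALG behaviour varies by vendor.
  if (!/^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(host)) return false;
  pinholes.push({ externalPort: Number(port), internalHost: host, internalPort: Number(port) });
  return true;
}

// --- Putting it together -----------------------------------------------------------
// A malicious page makes the victim's browser POST a body that is really a SIP
// REGISTER to the attacker's server on port 5060. The NAT inspects the outbound flow.
function simulate({ blockSipPorts }) {
  const pinholes = [];
  const sipBody = // constructed sample payload
    "REGISTER sip:attacker.example SIP/2.0\r\n" +
    "Via: SIP/2.0/TCP 192.168.1.23:4444\r\n" +
    "From: <sip:victim@192.168.1.23>\r\n" +
    "Contact: <sip:victim@192.168.1.23:4444>\r\n" +
    "Content-Length: 0\r\n\r\n";
  try {
    const flow = browserSend("http://attacker.example:5060/upload", sipBody, { blockSipPorts });
    toySipAlg(flow, pinholes);
    return { sent: true, pinholes };
  } catch (e) {
    return { sent: false, error: e.message, pinholes };
  }
}

// Without the port block the toy ALG opens a pinhole to 192.168.1.23:4444; with it,
// the request is refused inside the browser and the ALG sees nothing.
console.log("pre-fix :", JSON.stringify(simulate({ blockSipPorts: false })));
console.log("Chrome87:", JSON.stringify(simulate({ blockSipPorts: true })));
```

The model makes the limits of the mitigation visible too: the browser-side check keys only on the destination port, so it protects against this SIP-based variant while doing nothing about any other ALG the router might run, which is the point the article makes about the fix being a mitigation rather than a cure.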

Blocking the ports is, however, a mitigation rather than a fix for the root cause; for now it is all a browser can do while the industry discusses other fixes.

Mozilla and Apple have not yet released a fix, but theirs will likely be similar: blocking the ports is the only lever browser developers have.

Via: ZDNet