Chrome will block port 554 to prevent NAT Slipstreaming attacks

by ·

The Chrome browser will block the browser’s access to TCP port 554 to prevent attacks using the NAT Slipstreaming 2.0 vulnerability.

Last year, security researchers disclosed a new version of the NAT Slipstreaming vulnerability, which allows malicious scripts to bypass the NAT firewall of website visitors and access any TCP/UDP port on the visitor’s internal network.

Because this vulnerability only works on specific ports monitored by the router’s application layer gateway (ALG), browser developers including Chrome, Safari, and Mozilla have blocked vulnerable ports that do not receive a lot of traffic. When the vulnerability was first disclosed, Chrome 87 began to block HTTP and HTTPS access to TCP ports 5060 and 5061 to prevent the vulnerability.

In January 2021, Google blocked HTTP, HTTPS, and FTP access to another seven ports, including ports 69, 137, 161, 1719, 1720, 1723, and 6566. In the past, Chrome had also blocked port 554, but it was unblocked after business users complained.
However, Chromium engineer Adam Rice announced that the current development has reached a consensus on Github, and port 554 will be blocked again.

Google and Safari developers are also discussing blocking port 10080, Firefox has blocked this port, but due to the legitimate request of the web browser for this port, the developers are hesitant. Once a port is blocked, when the user tries to connect to the port, an error message will be shown as ‘ERR_UNSAFE_PORT’. If a developer hosts the website on these ports, they should switch to other ports so that users can continue to visit the website without being affected by these ports.

In addition, Firefox 84 or higher and Safari have blocked port 554 in their browsers.

Tags: