Google is working on a Chrome browser security measure designed to protect devices connected to your home or private network. As mentioned in a Chrome Platform Status page, the underdevelopment feature will monitor website requests to access network devices and make sure they are from secure sources.
Explaining the motivation behind the feature, the Chrome Platform Status page (via XDA) reads:
To prevent malicious websites from pivoting through the user agent's network position to attack devices and services which reasonably assumed they were unreachable from the Internet at large, by virtue of residing on the user’s local intranet or the user's machine.
Titled "Private network access checks for navigation requests," it will check if the request for permission is coming from a secure source. It will also check whether the target device allows private network access. Google is working to help developers test the feature and "prepare for the coming enforcement" by showing warnings after performing a series of checks.
The private network access feature doesn't have any Chrome flag assigned yet. However, it is expected to ship for Android and Desktop with the release of Chrome 123 or 124. While the security improvement is being tested for shortcomings, it won't take action on malicious requests that don't pass the vetting process to ensure it doesn't break anything, as per the status page.
The above checks are made to protect the user's private network. Since this feature is the "warning-only" mode, we do not fail the requests if any of the checks fails. Instead, a warning will be shown in the DevTools, to help developers prepare for the coming enforcement.
Chrome has existed for over 15 years now, and the Google-owned web browser still holds over 60% of the market share, according to StatCounter. After having a strong foothold on Intel-based PCs, Google also released a version of Chrome optimized for Windows on ARM last month.
4 Comments - Add comment