Chrome 130 (Canary is currently 128) will add a notice when a website is intending to visit a website on a user private network. I will let experts on to wheter this cover IP adresses (eg 192.168.0.1 for router) as well.
What does this imply?
Will browsing through a VPN will be made more of a hassle or is this supposed to be a protection feature of sorts if something within the network is MITMing you?
Which in that case maybe bad guys will do it outside the private reserved networks such as 10.*.*.*, 172.*.*.* and 192.*.*.*?
What does this mean if I want to audit and inspect packets within my network and I plan to MITM myself?
Before a website A navigates to another site B in the user’s private network
This, to me, implies that navigating to site B manually (e.g., navigating manually to your router’s management page) would not trigger this alert – only malicious_site dot com linking to it would trigger it
1 Like
Yes, sounds like they want to prevent things like the router exploits, where a malicious website could trigger a 0day in the local router using JavaScript.
2 Likes