Chrome will notice users when a website is acessing local network

Chrome 130 (Canary is currently 128) will add a notice when a website is intending to visit a website on a user private network. I will let experts on to wheter this cover IP adresses (eg for router) as well.

What does this imply?

Will browsing through a VPN will be made more of a hassle or is this supposed to be a protection feature of sorts if something within the network is MITMing you?

Which in that case maybe bad guys will do it outside the private reserved networks such as 10.*.*.*, 172.*.*.* and 192.*.*.*?

What does this mean if I want to audit and inspect packets within my network and I plan to MITM myself?

Before a website A navigates to another site B in the user’s private network

This, to me, implies that navigating to site B manually (e.g., navigating manually to your router’s management page) would not trigger this alert – only malicious_site dot com linking to it would trigger it

1 Like

Yes, sounds like they want to prevent things like the router exploits, where a malicious website could trigger a 0day in the local router using JavaScript.