Google Chrome intends to block port 10080 for traffic over HTTP, HTTPS, and FTP access to TCP to prevent exploitation in NAT Slipstreaming 2.0 attacks.
Last year, security researchers found a new version of the NAT Slipstreaming vulnerability that supports scripts on malicious websites. This attack relies on tricking the victim into visiting a malicious website that exploits the victim’s browser. In this attack, just when the victim visits a website, an attacker remotely accesses any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall. Exploiting these vulnerabilities, threat actors can perform a wide range of actions from modifying router configurations to gaining access to private network services.
This vulnerability is exploitable only on specific ports monitored by a router’s Application Level Gateway (ALG). Some developers have already blocked vulnerable ports since they do not get a lot of traffic. For example, Firefox has already blocked TCP port 10080 since November 2020.
Google Chrome is already blocking FTP, HTTP, and HTTPS access on ports 69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061, and 6566. Now, Google has stated that they intended to block TCP port 10080.
Amanda backup software and VMWare vCenter utilize port 10080 but developers note the products would not be affected by the block. Once blocked it would, though, impact developers who use it as an alternative to port 80:
“It is an attractive port for HTTP because it ends in in “80” and does not require root privileges to bind on Unix systems,” Google Chrome developer Adam Rice explains.
Rice said he would add an enterprise policy so that developers can continue using this port.
Google has blocked the port, and users currently see an error message stating ‘ERR_UNSAFE_PORT’ when attempting to access the port.
Google developers advised those hosting a website on port 10080 that they used a different port to continue accessing the site.
