← Back to release summary

Block HTTP port 10080

Category

Network / Connectivity

Type

No developer-visible change

Status

Enabled by default (Chrome 91)

Intent stage

Shipped

Summary

Connections to HTTP, HTTPS or FTP servers on port 10080 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.

Motivation

Mitigation for the NAT Slipstreaming attack: https://samy.pl/slipstream/. Preserves user confidence in the web by preventing their browser being used as a vector to attack their internal network.

Standards & signals

• Specification: https://fetch.spec.whatwg.org/#bad-port
• Firefox: Shipped/Shipping
• Safari: In development — Change landed in WebKit: https://bugs.webkit.org/show_bug.cgi?id=224432.
• Web developers: Positive

View on chromestatus.com