Chrome Is Getting A New Weapon In Escalating The War With Hackers
Private Network Access, formerly known as CORS-RFC1918, “is a web specification which aims to protect websites accessed over the private network (either on localhost or a private IP address) from malicious requests from websites located outside the private network.”
Typically, devices on a home network might assume they are secure by means of being on the owner’s local intranet or machine and thereby unreachable from the internet. However, this is simply not the case as accessing a website exposes your intranet, allowing an attacker to hop from the outside in and compromise your devices.
PNA looks to address this in a few ways, firstly by blocking non-HTTPS websites from public IP addresses from making requests to private IP addresses or the localhost. This first step is indicative of the larger means of securing private networks, though, wherein generally, private network requests are blocked if they come from non-secure contexts.
As it stands, this feature is in development and will be rolled out initially in a warning mode, which will eventually turn into a full blocking mode once people have made necessary adjustments to the change. All told, this could prove to be an incredibly useful security feature that lies in the background and won’t affect end users all that much.
Hopefully it won’t take too long to get this out there, but in the meantime, end users should always be aware of the links they are clicking and only access sites which they trust. You never know what could be lurking out there on the internet trying to pwn your home network.
