Google Chrome will soon prevent malicious websites from attacking your home network

[harlan4096]

Google Chrome is getting a new security feature that can help prevent websites from attacking your home network. The mechanism has been termed "Private Network Access for Navigation Requests".

To be more specific, the feature which was spotted by XDA, has been designed to protect the devices that are connected to your home network, from being infected. This is done by restricting the navigation requests that may be initiated by a malicious website.

Google Chrome's Private Network Access for Navigation Requests

Normally, when you go from one website to another, the browser will take you to the destination. This is done by the user, i.e. by clicking on links. Some websites can redirect you to other web pages automatically, and this is when things can turn ugly. There are some protocols already in place, such as Google's Safe Browsing, that protect users from dangerous web pages. With the new Private Network Access security feature in place, Chrome will check the origin of the request, i.e. to identify whether it comes from a secure source. It then sends a preflight request to check whether the destination website has a header that allows private network access. In other words, it scans both websites, and the device, to ensure that they are not infected, before allowing the page to load in your web browser.

This is how the Mountain View company describes the feature, "Requests are considered “Private Network Access” if the resulting connection’s IP address space is less-public than the IP address space in the request’s initiator’s policy container”.

Google also wants to disable auto-reloading of web pages in case a request has been blocked by Private Network Access. The official documentation page for the feature, which you can access on Google Docs, has a screenshot that outlines the error message that a user will see when a malicious connection attempt was blocked.

 

Initially, Chrome will not fail the checks even if the request itself does fail. But this "warning-only version" is likely to exist only during the development phase, Google says that Chrome's DevTools will log the request as a warning to help web developers understand how it works. The feature will later be updated with a setting which a user can use to disable on a per-site basis.
...

Continue Reading