Google Chrome to crack down on websites spying on your home devices

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Google Chrome to add new security feature protecting home network devices.
  • The feature monitors website requests accessing local devices, ensuring secure origin and authorization.
  • Aims to prevent malicious websites from exploiting vulnerabilities in local devices.
  • Currently in “warning-only” mode, expected rollout in Chrome 123/124 for Android and Desktop.

Google is developing a new security feature for Chrome, now available on Windows on ARM, to safeguard devices connected to your home or private network. Currently, in “warning-only” mode, this feature will monitor website requests attempting to access your local devices and ensure they originate from secure sources and are authorized by the target device.

Before a website A navigates to another site B in the user’s private network, this feature does the following:

1. Checks whether the request has been initiated from a secure context

2. Sends a preflight request, and checks whether B responds with a header that allows private network access.

This initiative stems from the need to prevent malicious websites from exploiting vulnerabilities in devices residing on your local network, often assumed to be unreachable from the broader internet. By implementing these checks, Google aims to:

  • Block unauthorized access attempts: The feature will scrutinize website requests seeking access to your local devices, ensuring they are legitimate and authorized.
  • Enhance overall network security: This additional layer of protection strengthens the security posture of your home network, mitigating potential risks associated with unauthorized access.

While currently in its testing phase, the feature is expected to be fully implemented in Chrome versions 123 or 124 for Android and Desktop platforms. During this testing period, the feature will operate in “warning-only” mode, displaying alerts in the developer tools to notify developers and prepare them for the upcoming enforcement.

The above checks are made to protect the user’s private network. Since this feature is the “warning-only” mode, we do not fail the requests if any of the checks fails. Instead, a warning will be shown in the DevTools, to help developers prepare for the coming enforcement.

This new security feature from Google represents a positive step towards safeguarding devices connected to your home network. By proactively addressing potential vulnerabilities and preventing unauthorized access attempts, Google is working to create a more secure browsing experience for its users.

More here.

User forum

0 messages