Block HTTP port 10080 - Chrome Platform Status

Feature: Block HTTP port 10080

Connections to HTTP, HTTPS or FTP servers on port 10080 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.

Motivation

Mitigation for the NAT Slipstreaming attack: https://samy.pl/slipstream/. Preserves user confidence in the web by preventing their browser being used as a vector to attack their internal network.

Specification

Editor's draft

Status in Chromium

Blink components: Internals>Network

Enabled by default in:

Chrome for desktop release 91
Chrome for Android release 91
Android WebView release 91

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Shipped/Shipping
Edge: No signal
Safari: In development
Web Developers: Positive

Owner

ricea@chromium.org

Comments

Spec change landed in https://github.com/whatwg/fetch/pull/1214.

Last updated on 2021-04-16