
There is an open Chromium bug for this: https://bugs.chromium.org/p/chromium/issues/detail?id=378566

I hope they consider it still valid and not close it.

These are the blocked ports: https://github.com/chromium/chromium/blob/83.0.4103.53/net/b...

Accessing localhost and LAN addresses works perfectly fine, except for those ports.

I am going to patch Bromite so that it doesn't allow any access to localhost or private networks.



Interestingly enough, they are already blocking these attacks for background requests, see https://github.com/chromium/chromium/blob/83.0.4103.53/third...

Perhaps they simply forgot to also cover the WebSockets case, or the discussion on the related bug was not allowing for expanding the coverage.



