Google will soon begin testing adding Private Network Access (PNA) technology on the Google Chrome Enterprise and Education versions of the browser Chrome. The addition will provide enhanced security aimed primarily at remote workers.
According to the tech giant, the new feature in its Chrome browser should primarily protect remote workers from attacks on devices from their home network.
Preventing CSRF attacks
It primarily protects against so-called cross-site request forgery (CSRF) attacks. These types of attacks mainly target routers. The attacks are very common and allow hackers to redirect victims to rogue servers. This proceeds, for example, with fake advertisements that automatically adjust the routers’ DNS settings on persons who click on the ad.
PNA limits the possibility of websites sending requests to servers on private networks.
For now only alerts
For now, the PNA technology runs only in a so-called “warning-only” mode. Here, the technology checks whether the request in question comes from a “secure context” environment. As a second step, the technology also checks whether the intended destination allows access from a public website.
Currently, users are still redirected to rogue websites. At this moment, the tool only gives a warning in the DevTools console. This should help users prepare for later blocking by the PNA technology.
The introduction of the PNA feature is scheduled for version 123 of the Chrome Enterprise and Education browser for all known operating systems. Version 122 has been available in beta since January.
2 days ago
