Chrome Update Fixes High Severity ‘NAT Slipstreaming’ Bug and Enhances Performance

Author: Melodie Foster

Date: 20th November 2020

Chrome 87 is being rolled out over the next few days which includes a patch for a high-severity vulnerability which could allow a remote attacker to access any TCP or UDP port on a victim’s computer by bypassing security restrictions. The security researcher who found this bug called the attack “NAT slipstreaming.”

An attacker could remotely exploit the flaw, and would be able to bypass security restrictions by persuading a victim to visit a specifically crafted, fake website.

Google have said that the issue is caused by an insufficient policy enforcement in networking.

Included in the update are patches for other high-severity vulnerabilities which Google will not mention any details about until most users have updated their browser.

Other flaws include:

A use-after-free glitch in the payment’s component of Chrome and a use-after-free error in Google’s PPAPI browser plug-in interface
Two high-severity “inappropriate implementations” one found in the filesystem component and another in the cryptohome component
Two heap buffer overflow bugs were found in the UI and clipboard components[1]

Google has also said of its version 87 that it “represents the largest gain in Chrome performance in years.” The latest version includes a 5X reduction in CPU usage by prioritising active tabs as opposed to ones in the background. This should also result in a 1.25 hour increase in battery, so updating your Chrome browser to version 87.0.4280.66 is strongly recommended[2].

[1] https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/

[2] https://9to5google.com/2020/11/17/chrome-87-mac-windows-stable/

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

Chrome Update Fixes High Severity ‘NAT Slipstreaming’ Bug and Enhances Performance

Author: Melodie Foster

Date: 20th November 2020

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta