
There is an open Chromium bug for this: https://bugs.chromium.org/p/chromium/issues/detail?id=378566

I hope they still consider it valid and do not close it.

These are the blocked ports: https://github.com/chromium/chromium/blob/83.0.4103.53/net/b...

Accessing localhost and LAN addresses works perfectly fine, except for those ports.

I am going to patch Bromite so that it doesn't allow any access to localhost or private networks.



Interestingly enough they are already blocking these attacks for background requests, see https://github.com/chromium/chromium/blob/83.0.4103.53/third...

Perhaps they simply forgot to also cover the WebSockets case, or the discussion on the related bug did not allow for expanding the coverage.
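
A sketch of the kind of destination check the thread discusses (refusing page-initiated connections to localhost and private networks), added here as an illustration; it is not code from the thread, Chromium or Bromite. The function names and the decision to treat the unspecified address as local are assumptions, and only literal hosts are classified, so a real check must also look at the resolved address.

```javascript
// Added example (helper names are hypothetical). Classifies the *literal* host
// of a URL; real enforcement must also check the address DNS resolves to.
const V4_RANGES = [
  ["0.0.0.0", 8, "loopback"],     // unspecified, treated as local here (assumption)
  ["127.0.0.0", 8, "loopback"],
  ["10.0.0.0", 8, "private"],
  ["172.16.0.0", 12, "private"],
  ["192.168.0.0", 16, "private"],
  ["169.254.0.0", 16, "private"], // link-local
];

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function classifyV4(n) {
  for (const [base, bits, label] of V4_RANGES) {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    if (((n & mask) >>> 0) === ipv4ToInt(base)) return label;
  }
  return "public";
}

function classifyTarget(url) {
  // The WHATWG URL parser normalizes forms such as 127.1 or 0x7f000001.
  let host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  if (host.startsWith("[")) {
    host = host.slice(1, -1);
    if (host === "::1" || host === "::") return "loopback";
    // IPv4-mapped IPv6 is serialized as ::ffff:HHHH:LLLL
    const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(host);
    if (m) return classifyV4(((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0);
    const first = parseInt(host.split(":")[0], 16);
    // fc00::/7 unique local, fe80::/10 link-local
    if ((first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80) return "private";
    return "public";
  }
  const n = ipv4ToInt(host);
  return n === null ? "public" : classifyV4(n);
}

// A policy like the one described would refuse anything that is not "public".
const isBlocked = (url) => classifyTarget(url) !== "public";
```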



