A proposal to restrict sites from accessing a users’ local network

Explainer for Local Network Access This proposal is an early design sketch by the Chrome Secure Web and Network team to describe the problem below and solicit feedback on the proposed solution. It has not been approved to ship in Chrome. Proponents Chrome Secure Web and Network team Participate Introduction Currently public websites can probe a user's local network, perform CSRF attacks against vulnerable local devices, and generally abuse the user's browser as a "confused deputy" that has access inside the user's local network or software on their local machine. For example, if you visit evil.com it can use your browser as a springboard to attack your printer (given an HTTP accessible printer exploit). Local Network Access aims to prevent these undesired requests to insecure devices on the local network. This is achieved by deprecating direct access to private IP addresses from public websites, and instead requiring that the user grants permission to the initiating website to m ... Read full article.