If you’re not familiar, port randomization is a security technique that selects a random port for initiating an IP/TCP connection. By doing so, it becomes harder for hackers to perform port scanning attacks and exploit vulnerabilities.
Microsoft and Google are working together to bring this feature to Windows, and you can see that developers are already working on bringing
EnableTcpPortRandomization to Windows.
Google plans to use the SO_RANDOMIZE_PORT option for TCP connections, however, the rollout had its share of issues.
There is a bug in Windows that led to aggressive port reuse which resulted in the system using the first available port in the range, thus completely bypassing this feature. Here’s what the developers said: "
This was due to a Windows bug which, when the default port range was expanded, would often end up failing to select a random available port, instead falling back to choosing the first available port at the beginning of the range. The Windows bug was first fixed in the 22H2 release and was then backported to earlier releases from August through November 2023."
Since developers had issues implementing this feature, it remains disabled by default behind the base::Feature flag.
By using this approach, the developers can experiment and verify that the feature is working as intended.
Once this feature is fully implemented, it will add a layer of defense against network-based attacks. As for other security features, Chrome Network Service now has its own sandbox.
It’s also worth mentioning that
Chrome on Windows can now detect symbolic links and make you safer.
windowsreport.com
