Google Proposes New Browser Security: Your Local Network, Your Permission!

A Google engineer recently published a proposal on GitHub recommending that websites be restricted from accessing devices on a local network through browsers such as Chrome—except in cases where the user explicitly grants permission. The intention is not to enforce an outright ban, but rather to require user authorization before public websites can interact with local network devices.

Historically, public websites could directly access local network devices via browsers. However, Chrome introduced a mechanism called Private Network Access (PNA) to impose certain limitations. PNA functions by performing preflight checks to regulate access permissions.

Google’s new proposal suggests suspending the PNA mechanism in favor of a revised permission model that grants users greater control. The trade-off is that websites would be obligated to explain the purpose of their requested permissions more transparently.

According to Google, the proposed model eliminates the need for preflight checks as a mechanism for device opt-in, thereby streamlining the delivery process and reducing the inherent risks of local network exposure. The new system is also technically more feasible to implement.

Naturally, restricting public websites from accessing local networks could introduce certain inconveniences. A notable example involves routers that guide users through initial setup via a public domain capable of detecting local network routers.

A blanket restriction would prevent such public domains from performing detection, thereby requiring users to manually authorize access for those domains to function correctly.

In practice, the website would prompt the user for explicit authorization before any local network interaction occurs—mirroring Chrome’s current permission model, where pop-up notifications request user consent for sensitive actions.

At present, the proposal has not generated widespread discussion, and it remains unclear how other browser vendors will respond. Theoretically, since the approach enhances user privacy, it is likely that other browser developers will be inclined to support it.

Related Posts:

• Mozilla wants Facebook to make app private to protect user privacy by default
• 3.2 Million Users Exposed by Malicious Browser Extensions
• Reddit Restricts Search Indexing, Google Gets Exclusive Pass
• Zero-Day Vulnerability: 18 Years of Exploiting the ‘0.0.0.0’ Flaw