Chrome Remote Desktop plug-in vulnerability?

I was just over at Planet Iron & noticed this about the Chrome Remote Desktop BETA app. Meanwhile; in aboutlugins, Chrome & Iron do indeed have a 'Remoting Viewer' plug-in. Does anyone actually bother to disable this particular plug-in or am I unnecessarily being paranoid?

 

I wonder if I'm the only one that feels that Chrome is going the way of Opera, adding things that really don't belong in a browser. How long until Chrome has a built in torrent client? They can always, you know, slow down development a bit, it's not the end of the world.

 

Indeed. There are things, judging by what many Google Chrome users report, that still need to be fine tuned. They should focus on these problems, rather than adding more code to the browser; specially code that has nothing to do with browsing.

 

Because Chrome is now an OS they need things like this.

1) This is an extension
2) Windows has something just like this built in
3) I don't see how it would be vulnerable. I'd assume that traffic is encrypted (like windows) and you need to enter in usernames/passwords + codes to get into someone's computer. If it's like teamviewer that code is randomly generated just before the session and it expires if not used.

 

That's the problem. There should be a distinction between the browser and the OS.

And, Google Chrome (not sure if the stable version has it already) and Chromium do have a Remoting Viewer plugin. Whether or not they'll add more remoting functionality in the future to the browser itself, we don't know.

Unfortunately, separating the browser and OS would probably take them more time, and time is money.

But, that still doesn't change the fact that remoting has no place in Google Chrome. Google Chrome is not an OS. It's a browser. There's an operating system that is owned by Google named Google Chrome O.S, which is a web browser O.S, based on Google Chrome. Two separate things.

 

It's not built into the browser it's an extension.

There's something called "Cromoting" that's been developers only for a long long time. Users don't know what it is as far as I know.

 

What's an extension? Remoting Viewer is a plugin that I'm able to see in Chromium under chrome://plugins. Are you telling me I'm imagining things?

 

The topic is about:
https://support.google.com/chrome/bin/answer.py?hl=en&answer=1649523

The plugin is the "Chromoting" thing I was talking about. It doesn't do anything unless you're a developer afaik.

 

OK. But, the user who started the thread also mentioned Remoting Viewer, which is a plugin.

That plugin is there (it is installed with Chromium/Chrome) to work with Chrome Remote Desktop.

 

Is it? So that plugin runs when you use the extension? Never noticed - haven't checked.

But is the problem just "boo attack surface" or something else?

 

That'd be the kiss of death for Google!

 

Yes, OK. Should I disable the plug-in or not though?

 

Google for Google Chrome Remoting Viewer plugin. You should get a few hits for Google's support forum. One of those will probably show it to you.

BUT, since I'm a nice person, there you go -https://www.google.com/support/forum/p/Chrome/thread?tid=358ee2503e036472&hl=en

Do you feel it's a problem? If you don't, then it isn't. If you feel it is, then it is.

 

The only plugins i have enabled are flash and pdf, but this remote desktop plugin is an actual .dll file? I can not see the path in aboutlugins

 

When I look more closely in aboutlugins all I see is:

Remoting Viewer
Name: Remoting Viewer
Version:
Location: internal-remoting-viewer
Disable
MIME types:
MIME type Description File extensions
application/vnd.chromium.remoting-viewer
.
pepper-application/x-chromoting

 

That's what i see too. After reading the thread i was about to delete it, but i guess i'll just keep it disabled lol

 

I don't, I'm just wondering if/why anyone else does.

The plugin's been around wayyyy longer than the extension. I guess the plugin's just some kind of backend.

 

Yes, that's probably wise. I didn't want to start a panic when I started the thread, I was just curious.

 

It could potentially be exploited but I wouldn't worry about it since it doesn't run by default.

If you don't use any desktop remotes just disable it.