And since Chrome will occasionally install new extensions and apps in its regular updates, there's no notification for a lay user to know why they got "Chrome Remote Desktop". You authorize one endpoint, but not the other. Users that have already enable Chrome Remote Desktop don't need to authorize the set of computers that can access it remotely. If I could still edit it, I would correct my post to say that a user that has not activated remote desktop does have to enable it manually.īut there is still no way to control Chrome's surface area in the future, and features like this give me the heebie-jeebies. At any moment, bam, suddenly my users' harmless extension is now owned by Shady Joe's Botnets 'R' Us, and their passwords, web traffic, and safety is compromised.
I would like to be able to say, "I trust my ability to lock down Google Chrome 37", configure that, and not have to worry about an automatic update annihilating my security policies.įinally, automatic extension updates give me the creeps. i.e.: they can't install new extensions and apps, they won't have any features that add new remote access features enabled, etc. Hope your company's administrators have init.d locked down or something to prevent Chrome from installing its hooks into your system during a regular apt-get/yum update.Įdited in P.S.: Google, are you there? Are you listening? As a system administrator, what would tickle me would be the ability to freeze the attack surface area of user's machines. Chrome for Linux users? I guess they're SOL. Welp, at least Chrome for Windows has group policies to control (some) of this, but the policies often lag behind the new features. Install Chrome and sign in with target's credentialsģ. Here's the how-to if you have some spare Google account credentials:ġ. I'm sure the NSA, every other three letter agency, and skillful botnet programmers and hackers are just tickled that Chrome is opening up new avenues for infection. But an IT professional and someone who is security conscious, it's concerning that users' web browsers automatically install new attack vectors. I love that Chrome automatically updates with security and performance updates. Do features like Chrome Remote Desktop give anyone else goosebumps?
0 kommentar(er)
