dosyago/DownloadNet

This is pretty cool! Just wanted to post about chrome rdp:

jasikpark opened this issue · 1 comments

https://embracethered.com/blog/posts/2020/chrome-spy-remote-control/

It's a pretty powerful protocol, but it seems the machine would have to be compromised in a different way beforehand.

o0101 commented

Yes, this is a great post, thank you. Everyone should know the risks and not forward the remote debugging port to a remote port nor open the remote debugging address to listen on the public interface. By default, the port is only available locally and that's the way we use it.

The other vulnerability: be careful about using code, like this in 22120, that uses the remote debugging port. That's one reason I think it's so important to keep this code simple and open source, so people can see there are no intentional risks, exploits or vulnerabilities here, and they can vet the code and try to see if there are any unintentional ones. I would not trust binaries that use this feature without source code.

Another issue which I need to confirm is whether localhost:9222 is available from websites (I don't think so, because of CORS) or extensions. If we ascertain it can be accessed from potentially malicious browser extensions (of which, unfortunately, there are many), we can work out a block for that, possibly by using request interception methods of the fetch domain in CRDP, or the blocked URLs method.

That would be the only vulnerability that's possible from CRDP here that I can see, and it's possibly related to malicious extensions.
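
The advice in the comment above (keep the remote debugging port listening only on the local interface) can be audited from a host's listening-socket table. This is an added example, not code from the thread or from the project; the sample input is constructed in the format of `ss -ltn` output, and the function names are hypothetical.

```javascript
// Added example: flag DevTools listeners that are reachable beyond loopback.
// SAMPLE_SS is constructed text in the format printed by `ss -ltn`;
// port 9222 is the one named in the thread.
const SAMPLE_SS = `State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     127.0.0.1:9222     0.0.0.0:*
LISTEN 0      10     0.0.0.0:9222       0.0.0.0:*
LISTEN 0      10     [::1]:9222         [::]:*
LISTEN 0      10     192.168.1.20:9222  0.0.0.0:*
LISTEN 0      128    *:8080             *:*`;

// True when the bind address is loopback-only (IPv4, IPv6, or IPv4-mapped IPv6).
function isLoopback(host) {
  const h = host
    .replace(/^\[|\]$/g, "")   // drop IPv6 brackets
    .split("%")[0]             // drop %interface scope
    .replace(/^::ffff:/i, ""); // unwrap IPv4-mapped IPv6
  return h === "::1" || /^127\.\d+\.\d+\.\d+$/.test(h);
}

// Returns the local address:port of every listener on `port` that is not
// bound to loopback, i.e. wildcard (0.0.0.0, *, [::]) or a routable address.
function exposedDebugListeners(ssOutput, port = 9222) {
  const exposed = [];
  for (const line of ssOutput.split("\n")) {
    const cols = line.trim().split(/\s+/);
    if (cols[0] !== "LISTEN" || cols.length < 4) continue; // skip header/other states
    const local = cols[3];
    const idx = local.lastIndexOf(":"); // port follows the last colon, even for IPv6
    if (idx < 0) continue;
    if (Number(local.slice(idx + 1)) !== port) continue;
    if (!isLoopback(local.slice(0, idx))) exposed.push(local);
  }
  return exposed;
}

console.log(exposedDebugListeners(SAMPLE_SS));
```

An empty result means every listener on the port is loopback-only; it does not cover port forwards set up elsewhere (for example an SSH tunnel), which have to be checked separately.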