Extension Details
Context-Aware Verdict
Chrome Remote Desktop is developed by Google Ireland, Ltd., which provides significant credibility and trustworthiness. With 36 million users, it's one of the most widely adopted remote desktop solutions. However, the relatively low rating of 3.1 out of 5 from nearly 3,000 reviews suggests user experience issues that warrant attention.
The primary concern is the downloads permission, which allows the extension to download files and access download history. While this permission may be necessary for file transfer functionality in remote desktop sessions, it creates potential privacy and security risks. The nativeMessaging permission, though expected for remote desktop functionality, enables communication with native applications on the host system, which could be exploited if the extension were compromised.
The combination of these permissions in a remote access tool creates a significant attack surface, as malicious actors could potentially use the extension to download malicious files or access sensitive download history.
Given Google's reputation and the extension's widespread use, the medium risk level is primarily due to the inherent nature of remote desktop software rather than malicious intent. Users should ensure they only use this extension on trusted networks and devices. For enhanced security, consider running it in a separate Chrome profile when accessing sensitive systems. Regularly review your download history and monitor for any unexpected file downloads when using the extension.
Findings
Security Analysis Details
Required Permissions:
- nativeMessaging
- downloads
Embedded URLs (31 total):
| https://remotedesktop.google.com/ | https://clients2.google.com/service/update2/crx | |
| https://remotedesktop.corp.google.com/ | https://remotedesktop-dev.corp.google.com/ | |
| https://remotedesktop-autopush.corp.google.com/ | https://remotedesktop-daily-0.corp.google.com/ | |
| https://remotedesktop-daily-1.corp.google.com/ | https://remotedesktop-daily-2.corp.google.com/ | |
| https://remotedesktop-daily-3.corp.google.com/ | https://remotedesktop-daily-4.corp.google.com/ | |
| https://remotedesktop-daily-5.corp.google.com/ | https://remotedesktop-daily-6.corp.google.com/ | |
| https://remotesupport.corp.google.com/ | https://remotesupport-dev.corp.google.com/ | |
| https://remotesupport-autopush.corp.google.com/ | https://remotesupport-daily-0.corp.google.com/ | |
| https://remotesupport-daily-1.corp.google.com/ | https://remotesupport-daily-2.corp.google.com/ | |
| https://remotesupport-daily-3.corp.google.com/ | https://remotesupport-daily-4.corp.google.com/ | |
| https://remotesupport-daily-5.corp.google.com/ | https://remotesupport-daily-6.corp.google.com/ | |
| https://remoting.sandbox.google.com/ | https://remoting-autopush.sandbox.google.com/ | |
| https://remoting-daily-0.sandbox.google.com/ | https://remoting-daily-1.sandbox.google.com/ | |
| https://remoting-daily-2.sandbox.google.com/ | https://remoting-daily-3.sandbox.google.com/ | |
| https://remoting-daily-4.sandbox.google.com/ | https://remoting-daily-5.sandbox.google.com/ | |
| https://remoting-daily-6.sandbox.google.com/ |
Raw Manifest
{ "name": "Chrome Remote Desktop", "icons": { "48": "chromoting48.png", "128": "chromoting128.png" }, "action": {}, "version": "2.1", "background": { "service_worker": "event_page_binary.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Chrome Remote Desktop extension", "permissions": [ "nativeMessaging", "downloads" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://remotedesktop.corp.google.com/*", "https://remotedesktop.google.com/*", "https://remotedesktop-dev.corp.google.com/*", "https://remotedesktop-autopush.corp.google.com/*", "https://remotedesktop-daily-0.corp.google.com/*", "https://remotedesktop-daily-1.corp.google.com/*", "https://remotedesktop-daily-2.corp.google.com/*", "https://remotedesktop-daily-3.corp.google.com/*", "https://remotedesktop-daily-4.corp.google.com/*", "https://remotedesktop-daily-5.corp.google.com/*", "https://remotedesktop-daily-6.corp.google.com/*", "https://remotesupport.corp.google.com/*", "https://remotesupport-dev.corp.google.com/*", "https://remotesupport-autopush.corp.google.com/*", "https://remotesupport-daily-0.corp.google.com/*", "https://remotesupport-daily-1.corp.google.com/*", "https://remotesupport-daily-2.corp.google.com/*", "https://remotesupport-daily-3.corp.google.com/*", "https://remotesupport-daily-4.corp.google.com/*", "https://remotesupport-daily-5.corp.google.com/*", "https://remotesupport-daily-6.corp.google.com/*", "https://remoting.sandbox.google.com/*", "https://remoting-autopush.sandbox.google.com/*", "https://remoting-daily-0.sandbox.google.com/*", "https://remoting-daily-1.sandbox.google.com/*", "https://remoting-daily-2.sandbox.google.com/*", "https://remoting-daily-3.sandbox.google.com/*", "https://remoting-daily-4.sandbox.google.com/*", "https://remoting-daily-5.sandbox.google.com/*", "https://remoting-daily-6.sandbox.google.com/*" ] } }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.