Extension To Chrome Brings Remote Desktop Abilities

CNET reports that as of yesterday, a new Chrome extension will "let a person on one computer remotely control another across the network." The new remote-desktop capability is in BETA (Google's all-caps version, for emphasis), but is said to work to control any OS from any other OS, so long as both sides are equipped with Chrome and the new extension. Related: Wired is running a profile of Rajen Sheth — "father of Gmail," and now in charge of Google's Chromebook project as well.

Chrome is now hostile code

[Animats]

This makes Google's browser hostile code. It should not be allowed through corporate firewalls. On the browser front, progress has been made by giving parts of the browser that run external code less privilege. Sandboxing Flash and Acrobat Reader is progress. Mozilla's dividing of add-ons into a non privileged content script and a somewhat more privileged add-on code is progress. Putting an equivalent of Back Orifice into a browser is not.

The announcement says: the technology right now is limited so that permission must be granted each time remote administration is activated. How long will that last? Could be changed silently by a forced update? What if law enforcement wants to use it? Does the remote session run through a Google server? (The protocol is apparently based on Google Talk, which does.) How else do they get two clients behind DHCP routers talking to each other? Is the connection encrypted? Is it encrypted end to end, or is the server in a position to mount a man in the middle attack? Does Google commit contractually to not accessing your machine, or is there an EULA that says they can do that whenever they want to?

If you want remote desktop access in the corporate environment, there are management tools for that. They're usually locked down tightly, since they're inherently a security risk.