Re: Cross origin screensharing

If you need to pick a window for sharing from the chooser, what additional
security would the extension provide?

As I have mentioned before, based on the attack vectors related to
extensions, I expect extension installation to be disabled in enterprise
environments. This will render screen sharing in its current form unusable.

Roman Shpount

On Tue, Jan 21, 2014 at 2:32 PM, Justin Uberti <> wrote:

> Indeed, hence "defense in depth" (i.e. you still need to pick a window for
> sharing from the chooser)
>
> On Sun, Jan 19, 2014 at 9:42 PM, cowwoc <> wrote:
>> On 14/01/2014 12:31 PM, Martin Thomson wrote:
>>> On 14 January 2014 05:23, Dominique Hazael-Massieux <> wrote:
>>>> How about tying this to CORS? If you already grant cross-origin access
>>>> to your Web content via CORS, can it be inferred you're happy to share
>>>> its content via screen sharing?
>>> That doesn't really work in that the iframe (or other cross origin
>>> content) is acquired without the CORS preflight.  I was thinking
>>> Frame-Options actually.
>> Amusing read about browser extensions:
>> comments/1vjj51/i_am_one_of_the_developers_of_a_popular_chrome/
>> By the time you notice that an extension has become malicious, over 700k
>> users could have had their banking records stolen. Point is: hiding
>> security-sensitive features behind extensions does not (on its own) ensure
>> security.
>> Gili

Received on Tuesday, 21 January 2014 19:48:53 UTC