Announcement

**Brophen** · 15 August 2017, 03:07 PM

Hmm, I wonder if WebUSB would enable something like Synergy for ChromeOS

**schmidtbag** · 15 August 2017, 03:15 PM

I have a feeling that no matter what they try to do to make WebUSB secure, it won't work. But, I wish them the best - it could open a lot of potential for web apps without the need of some sort of local backend application.

Originally posted by Brophen View Post

Hmm, I wonder if WebUSB would enable something like Synergy for ChromeOS

Good question.

**R00KIE** · 15 August 2017, 03:59 PM

I'm sure very soon someone will find out that exposing usb devices to the web was not such a good idea, but then how could they know in advance right?

They should stop trying turn the browser into an operating system, instead they could work on fixing small irrelevant things like hardware video decoding acceleration or stuff like that which no one wants to use right now. At least it seems it is being worked on now but lets see how long until we get a stable release with that.

**uid313** · 15 August 2017, 04:08 PM

This WebUSB thing sounds pretty scary. Imaging malware spreading on some advertising network or CDN, and it uses WebUSB to infect millions of USB devices.
Writes malware to USB storage devices, and rewrites firmware on webcam, keyboard, mouse, printers, scanners, etc.

**carewolf** · 15 August 2017, 04:21 PM

Chrome has had WebUSB for a while now. That is how U2FA works. It is a hacky extensions that talks to the USB device over WebUSB, and then provides a U2FA implementation with that.

**[email protected]** · 15 August 2017, 04:37 PM

Originally posted by uid313 View Post

This WebUSB thing sounds pretty scary. Imaging malware spreading on some advertising network or CDN, and it uses WebUSB to infect millions of USB devices.
Writes malware to USB storage devices, and rewrites firmware on webcam, keyboard, mouse, printers, scanners, etc.

Not only that, but advertisers would love to get access to webcams and their microphones for "marketing purposes".

**[email protected]** · 15 August 2017, 04:39 PM

Originally posted by carewolf View Post

Chrome has had WebUSB for a while now. That is how U2FA works. It is a hacky extensions that talks to the USB device over WebUSB, and then provides a U2FA implementation with that.

Thanks for that. I just got to the flags page and disabled it.

**clockley1** · 15 August 2017, 07:54 PM

Originally posted by schmidtbag View Post

I have a feeling that no matter what they try to do to make WebUSB secure, it won't work. But, I wish them the best - it could open a lot of potential for web apps without the need of some sort of local backend application.

Good question.

Why would WebUSB any less secure than WebGL? Unlike GPUs, USB devices cannot access system memory. Making a whole class of exploits moot.

**Danny3** · 16 August 2017, 01:03 AM

It was a nice journey, but I have to say goodbye to Chromium today.
It's enough that they added support tot access webcam, mike and geolocation.
Now they want to access every USB device that I connect to my computer?
No thanks, this is bullshit for security and privacy!
I wonder how easy it will be to track someone when you have access to USB device IDs.
I feel sorry for people who use Chromium and have USB connected scanners and fingerprint scanners.
Google seems to have no limit on spying.

Announcement

Chrome 61 Beta Rolls Out With JavaScript Modules, WebUSB Support

Chrome 61 Beta Rolls Out With JavaScript Modules, WebUSB Support

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment