Sunday, November 4, 2018

Configure Google Chrome to stop opening 5353 port for listening

Today I have noticed that Google Chrome opens a UDP listening port 5353 whenever I open the browser.
After searching about it, I found this solution shuts down the port,

Create a file under /etc/opt/chrome/policies/managed directory

e.g.:  blockport.json

Add this line to the file,
{ "EnableMediaRouter": false }

Finally it will look like this,
[root@localhost ~]# cat /etc/opt/chrome/policies/managed/blockport.json
{ "EnableMediaRouter": false }


Restart the browser. It will not open the port anymore.

Source: https://unix.stackexchange.com/questions/187294/chromium-browser-pepperflashplugin-opening-listening-ports-on-0-0-0-05353


Update,
For latest Google Chrome instances, Above method didn't work and I have found out that disabling "Show notifications when new printers are detected on the network" shutdown port 5353. Please note that I'm using Version 81.0.4044.129 (Official Build) (64-bit) on MacOS
Posted by at
Labels: , , ,

3 comments:

  1. AdminTuesday, May 05, 2020 8:50:00 PM

    Hey Jay,
    Please try disabling "Show notifications when new printers are detected on the network". It worked for me.

    ReplyDelete
  2. specFriday, June 05, 2020 2:26:00 AM

    Not sure why people just LOVE to pointlessly mutilate their machines. They see a port or service they don't understand, and they jump though hoops to disable it without ANY understanding of the consequences, then flood forums with inane questions wondering why things are BROKEN on their machines.

    Port 5353 is used for mDNS/Avahi/ZeroConf/Bonjour. All names for the same thing. It allows discovery of other network devices WITHOUT having to know it's IP. Literally EVERY laser printer on the planet comes with it, as well as most consumer media players like the Chromecast. Disable this service and you BREAK easy access these things.

    If you don't use it, just IGNORE it. Premature optimization is CANCER.

    ReplyDelete
    Replies
    1. AnonymousWednesday, May 04, 2022 2:49:00 AM

      As someone who secures networks in the financial industry, Bonjour is an easy way for threat actors to hack your network. Yes it is convenient to setup your printer, but I recommend everyone stop using mDNS/Bonjour and setup your printers the right way. Every auditor that finds this port open will flag it as a "high vulnerability".

      Delete

Subscribe to: Post Comments (Atom)