chromium browser (pepperflashplugin) opening listening ports on 0.0.0.0:5353

I am using chromium browser (chrome) with pepperflashplugin in Debian. I have noticed, chromium/pepperflashplugin opens a listening port on my public interface 0.0.0.0:5353 as seen with netstat:

netstat -lptun
Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State  PID/Program name     
udp         0       0  0.0.0.0:5353   0.0.0.0:*               13971/libpepflashpl

I have been using Firefox (Iceweasel) before and I have never seen browser/flash-plugin to open ports. Indeed, I have never seen any client application opening listening ports on 0.0.0.0.

Why is chromium doing this?

Is this necessary ?

Can I disable this?

Can I start chromium with pepperflashplugin disabled ?

Asked By: Martin Vegter

||

I have to disagree with @dave_thompson_085 on this. To me this is clearly a listening socket since the local address is specified and the foreign address is set to any:any. In other words the local system is waiting for udp datagrams incoming to port 5353 on any interface and from any port on any foreign IP address.

This is supported by netstat itself using the -l switch for ‘listening’ or not as follows:

# netstat -lnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           4827/chromium --pas
# netstat -nup
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

However, what Chromium is up to is not something I can answer yet – it’s actually how I ended up here myself 🙂

Answered By: Tom

It seems those ports are Chromium’s attempt at discovering local web servers announced through the Zeroconf protocol, specifically the Multicast DNS protocol. Basically, it means that if a web server on the local network exist, Chromium will notice it and pop out a notification. This has been known to trigger warnings in Windows so it is disabled there by default, yet it is unclear how to disable this directly.

Answered By: anarcat

I noticed this issue when I check for local listening ports with ss -utln before Google brought me here.

My first thought of disabling this is to take a look at chrome://flags. And I found this: chrome://flags/#device-discovery-notifications

Disabling this so-called “device discovery” feature turns off listening of mDNS port 5353/tcp. You need to relaunch Chromium / Google Chrome to make this take effect.

Answered By: Zhuoyun Wei

On Linux with Chrome version 56.0.2924.87 (64-bit) setting the device-discovery-notification flag to Disabled and relaunching does not disable the listening port 5353

I also tried sudo apt-get purge avahi-daemon avahi-autoipd

Also tried /opt/google/chrome/chrome --disable-device-discovery-notifications

No luck, it appears the current version of Chrome no longer honors the flag/cmd line option and always listens on the port.

Using a firewall maybe the only way to block this port.

Using a firewall may require blocking on multicast IPs as well.

How to Block Apple Bonjour on your Local Network

Answered By: J. Doe

Go to Chrome (or Chromium) Settings -> Advanced Settings -> Google Cloud Print and disable “Show notifications when new printers are detected on the network”

Answered By: Dohn Joe

To disable mDNS and SSDP you now have to create a policy. Please note “Policy configuration files live under /etc/chromium for Chromium, and under /etc/opt/chrome for Google Chrome.”

For Chromium the file /etc/chromium/policies/managed/name_your_policy.json should contain

{
“EnableMediaRouter”: false
}

For more info see. https://www.chromium.org/administrators/linux-quick-start
And also bugs https://bugs.chromium.org/p/chromium/issues/detail?id=859359
https://bugs.chromium.org/p/chromium/issues/detail?id=665572

Answered By: python_nube
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.