Omnissa Horizon Url Conte
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Blocks unwanted URL content in Omnissa Horizon, allowing you to redirect to a desired page and maintain focus on your work. Lets you seamlessly integrate URL Content Redirection into your Omnissa Horizon workflow, benefiting those who frequently navigate between multiple tabs or websites. Enables users of Omnissa Horizon to streamline their browsing experience.
Overview
The Horizon URL Content Redirection Helper is used in conjunction with Horizon Client. Please contact your IT department before downloading this extension.
The URL Content Redirection feature supports redirection from a remote desktop or application to a client, and from a client to a remote desktop or application.
Redirection from a remote desktop or application to a client is called agent-to-client redirection. Redirection from a client to a remote desktop or application is called client-to-agent redirection.
Agent-to-client redirection
With agent-to-client redirection, Horizon Agent sends the URL to Horizon Client, which opens the default application for the protocol in the URL on the client machine.
Client-to-agent redirection
With client-to-agent redirection, Horizon Client opens a remote desktop or remote application that you specify to handle the URL. If the URL is redirected to a remote desktop, the link is opened in the default browser for the protocol on the desktop. If the URL is redirected to a remote application, the link is opened by the specified application. The end user must be entitled to the desktop or application pool.
You can redirect some URLs from a remote desktop or application to a client, and redirect other URLs from a client to a remote desktop or application. You can redirect any number of protocols, including HTTP, HTTPS, mailto, and callto.
Horizon End User License Agreement:
https://www.omnissa.com/general-terms/
Tags
Privacy Practices
Security Analysis — Omnissa Horizon Url Conte
Permissions
Code Patterns Detected
External Connections
Package Contents 16 files · 29KB
What This Extension Does
The Omnissa Horizon URL Conte extension enables URL Content Redirection in Omnissa Horizon, allowing users to redirect URLs from a remote desktop or application to a client, and vice versa. This extension is primarily used by IT professionals and end-users of the Horizon Client.
Permissions Explained
- nativeMessagingcheck this: This permission allows the extension to communicate with native applications on your device.
Technical: The nativeMessaging API enables cross-process communication between Chrome extensions and native applications, potentially exposing sensitive data if compromised. This permission is CRITICAL due to its potential for data exposure. ⚠ 1 - webNavigationexpected: This permission allows the extension to monitor and control your browsing activity, including navigation between pages.
Technical: The webNavigation API provides access to information about the current page, such as its URL, title, and referrer. This can be used for legitimate purposes like analytics or debugging, but also poses a risk if misused. - storageexpected: This permission allows the extension to store data locally on your device.
Technical: The storage API enables extensions to read and write data to local storage, which can be used for legitimate purposes like caching or storing user preferences. However, it also poses a risk if sensitive data is stored without proper encryption.
Your Data
The extension accesses local storage and communicates with the launch-horizon.omnissa.com domain. It does not collect any sensitive user data, but its use of nativeMessaging poses a risk if compromised.
Technical Details
Code Findings
The extension uses postMessage to communicate between different domains, which can be a security risk if not properly sanitized.
Technical: The extension uses the postMessage API to send messages between the content script and background service worker. This is a common pattern in extensions, but requires careful handling of message data to prevent XSS attacks.
💡 This pattern is commonly used in legitimate extensions for communication between scripts running on different domains.
The extension does not have a Content Security Policy (CSP) set, which can make it more vulnerable to XSS attacks.
Technical: The extension's manifest file does not include a CSP directive. This means that the extension is not enforcing any specific security policies for its content scripts.
💡 Many extensions do not require a CSP due to their simple functionality or lack of user-generated content.
The Omnissa Horizon URL Conte extension has some security concerns, primarily related to the use of nativeMessaging and the lack of a Content Security Policy. While it is likely that this extension is used for legitimate purposes, users should be cautious when granting permissions and ensure they understand the potential risks involved.
