Using the InsecurePrivateNetworkRequestsAllowedForUrls reg key doesn’t introduce a vulnerability.
Chrome and other browsers are making changes so that public sites, such as https://app.plex.tv, can’t make requests to private addresses - servers on the LAN.
That’s a change with security in mind. Today there are no restrictions, and any public site can initiate browser requests to private addresses. So it’s a good change for web browser behavior.
But allowing these desired requests to your Plex server isn’t introducing a vulnerability. That’s functionality that you want.
This error STATUS_BREAKPOINT means Chrome is crashing. The problematic changes are Chromium’s, the cause of the crash is Chromium. That’s a browser crash message.
When Chrome finishes making changes, Plex can modify the Plex Media Server to signal that requests from https://app.plex.tv are allowed. These changes shouldn’t be required for Plex, yet - the deadline is a ways off. The issue is that Chrome is crashing, not that Plex is doing something wrong.
I mentioned this change to Plex folks a while ago, they are aware. It’s possible that Plex could make the server changes early, and that it could help work around this Chromium bug.
—-
While it’s generally recommended to use https://app.plex.tv, why not use the local server address directly right now? Doesn’t that avoid any issue?
