I find it interesting that Plex Server comes out with an update it seems like every other day but when there is an actual issue that is widespread, they seem to be nowhere around and no update to fix it…… I don’t want to leave this reg hack in there for too long as it could be a vulnerability that may be exploited.
That’s because the updates which are being rolled out have been in the pipeline for months. You’re frequency for speed.
What happens then when an emergency patch is required to fix a widespread issue such as this? Do they put it in the queue and let it wait it’s turn to be deployed? A big part of Plex functionality is down for many people and not everyone has the ability to start adding reg keys to fix it.
Although I appreciate the “fix” I’m simply not willing to compromise my system security by adding a registry entry for “InsecurePrivateNetworkRequestsAllowed”. And simply put, no one else should either.
I’m sure a large number of users, myself included use the same hardware for plex video storage that we use to back up all our data. That said intentionally adding a security vulnerability to the devices on the network to allow them to use Plex seems crazy to me.
I have not been able to use Plex on ANY devices sense this bug started.
Is there no longer any way to open a help ticked with Plex? If there is it is burred so well I couldn’t find it.
This needs to be escalated to the highest fix priority, there is no reason to keep paying for Plex if we can only use it on our cell phones and consoles.
2 Likes
I see a Plex Server update came out today from 1.25.5 to 1.25.6 however, it does not seem to address this STATUS_BREAKPOINT browser crashing problem……
2 Likes
Same results in Edge. Firefox plays just fine, though.
Thank makes complete sense now, thank you. Hoping for a fix soon.
Tested again on latest versions, on chromebook, still a problem, although took a little longer playing a video to reproduce.
Chrome 98.0.4758.107 (Official Build) (64-bit)
Plex 1.25.6.5577
Works fine on Opera browser
After applying the regfix and rebooting everything is working again. THANKS!
I did both of the suggested reg entries, I will play with disabling each to see if plex still plays vids and audio with only one of the keys active.
[UPDATE] enabled only the InsecurePrivateNetworkRequestsAllowedForUrls key and rebooted, everything is still working perfectly so far. I am going to leave this key as the only active key since I agree with most of you, better to limit the blatant security hole.
1 Like
I’m having the same issue, any fix yet?
No fix yet that I am aware of. Just this reg key work around for now which sounds like we have to create a vulnerability in our systems to get back the functionality we all had and pay for. I’m just baffled at Plex developers as to why after all this time they will not acknowledge this issue which has plagued so many users and what they are doing about it. I will have to re evaluate my decision next time my PlexPass comes up for renewal…
1 Like
Using the InsecurePrivateNetworkRequestsAllowedForUrls reg key doesn’t introduce a vulnerability.
Chrome and other browsers are making changes so that public sites, such as https://app.plex.tv, can’t make requests to private addresses - servers on the LAN.
That’s a change with security in mind. Today there are no restrictions, and any public site can initiate browser requests to private addresses. So it’s a good change for web browser behavior.
But allowing these desired requests to your Plex server isn’t introducing a vulnerability. That’s functionality that you want.
This error STATUS_BREAKPOINT means Chrome is crashing. The problematic changes are Chromium’s, the cause of the crash is Chromium. That’s a browser crash message.
When Chrome finishes making changes, Plex can modify the Plex Media Server to signal that requests from https://app.plex.tv are allowed. These changes shouldn’t be required for Plex, yet - the deadline is a ways off. The issue is that Chrome is crashing, not that Plex is doing something wrong.
I mentioned this change to Plex folks a while ago, they are aware. It’s possible that Plex could make the server changes early, and that it could help work around this Chromium bug.
—-
While it’s generally recommended to use https://app.plex.tv, why not use the local server address directly right now? Doesn’t that avoid any issue?
1 Like
The problem for me with connecting directly is that when I do that it re arranges my media library categorization order and no matter how many times I set the desired order I want in the menu, it changes it back to default asking me if I want to customize it again every time I log in directly. When I connect through app.plex.tv, after the initial setting, it stays in the order I had set it in.
I was using the key DWORD “InsecurePrivateNetworkRequestsAllowed“ which to me sounds like a potential hole that someone on Internet could exploit and gain access to my system. For now, I will add on the ForUrls at the end and see if the player still plays within the browser without crashing.
UPDATE: when I append the DWORD name with “ForUrls” this only works with Chrome browser and not on Edge.
These upcoming security changes should NOT be affecting users or Plex yet.
It looks like Google is backing out some related breaking changes from the Chromium source. I don’t know when they’ll arrive in a Chrome release - maybe they’ve already landed in Canary/Developer/Beta.
Has anybody with the problem tried a recent Canary/Developer/Beta version of Chrome?
https://chromium-review.googlesource.com/c/chromium/src/+/3465856
Though they kept the bug itself private. That’s interesting.
2 Likes
This appear to be fixed in Chrome 98.0.4758.109, at least on my Mac. I haven’t had a crash since it updated.
1 Like
My Chrome version is at 98.0.4758.102 and it seems to be fixed as well. Videos playing ok through app.plex.tv
Now if Microsoft can patch and fix Edge which so far doesn’t look like that has been done. At 98.1108.62 currently.
1 Like
Just now checked Plex after the Chrome 99.0.4844.51 update and everything is stable.Nor sure who won the He Said, She Said battle but one of them has fixed it “For Now”
Cheers
There’s no conspiracy “For Now”.
Maybe later!
