Prevent the exploit of security vulnerabilities of the Creo browser by defining a URL whitelist

1. Describe your environment: What is your industry? What is your role in your organization? Describe your stakeholders.

I'm the person responsible for Creo in IT for the mechanical engineering departments in special machinery, and I'm trying to keep our Creo workplaces working efficiently and securely.


2. What version of Creo Parametric are you currently running?
Creo 4.0 / Upgrade to Creo 9.0 running.

3. Describe the problem you are trying to solve. Please include detailed documentation such as screenshots, images or video.

Creo integrates a Chromium browser component. Every user can browse the internet without specific restrictions with that Creo integrated browser component. There are regular security patches required for the browser component to fix security issues.

The latest in 2022, see PTC CS366360 “Google Chrome browser's multiple CVEs - Impact on Creo Parametric family of products”.

There are also undiscovered security issues right now. This leads to security issues on our client machines.


4. What is the use case for your organization?

 

Improve security on client machines running Creo Parametric.

5. What business value would your suggestion represent for your organization?

Security incidents might have a huge impact, differing from case to case. It's worth spending a feature on the PTC side here to prevent these issues on the customer side.

 

Suggestion how to solve

 

One possibility could be to use the Creo embedded framework API RequestHandler.OnBeforeBrowse method to abort integrated Creo browser calls to all URLs that are not part of a whitelist, which could be specified via a Creo option, e.g. creo_embedded_browser_url_whitelist_path, pointing to a plain text file that contains the allowed URLs.

See also: https://stackoverflow.com/a/65699918
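
The allowlist decision such a hook would need, as an added example that is not part of the original post and not PTC code. The class names, the one-host-per-line file format and the https-only policy are assumptions; the point shown is matching on the parsed host rather than on a string prefix of the URL.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added example. Assumed file format: one entry per line, "host" for an exact
// match or ".domain" for subdomains of that domain; '#' starts a comment.
public sealed class UrlAllowlist
{
    private readonly HashSet<string> _entries =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public UrlAllowlist(IEnumerable<string> lines)
    {
        foreach (var raw in lines)
        {
            var entry = raw.Split('#')[0].Trim().TrimEnd('.');
            if (entry.Length > 0) _entries.Add(entry);
        }
    }

    public static UrlAllowlist FromFile(string path) =>
        new UrlAllowlist(File.ReadLines(path));

    // Default deny: only absolute https URLs on a listed host pass.
    public bool IsAllowed(string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;
        if (uri.UserInfo.Length > 0) return false; // https://listed.host@other.host/
        string host = uri.IdnHost.TrimEnd('.');
        if (_entries.Contains(host)) return true;
        // Compare parsed host suffixes at label boundaries, never string prefixes.
        for (int dot = host.IndexOf('.'); dot >= 0; dot = host.IndexOf('.', dot + 1))
            if (_entries.Contains(host.Substring(dot))) return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample entries and URLs.
        var list = new UrlAllowlist(new[] { "www.ptc.com  # exact", ".ptc.com" });
        foreach (var url in new[] { "https://support.ptc.com/help",
                 "https://www.ptc.com.other.example/", "https://www.ptc.com@other.example/",
                 "http://www.ptc.com/", "file:///C:/temp/page.html" })
            Console.WriteLine($"{(list.IsAllowed(url) ? "allow" : "block")}  {url}");
    }
}
```

In a handler where returning true from OnBeforeBrowse cancels the navigation (CefSharp's convention, assumed here), the hook body would be `return !allowlist.IsAllowed(request.Url);`. Any local or internal pages the embedded browser loads itself would need their own explicit entries under this default-deny policy.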

2 Comments
olivierlp
Community Manager
Status changed to: Acknowledged

Thank you @_Marc_ for your idea. Based on the information you provided, we are acknowledging it as the Community management team. This is not a commitment from the Product team. Other users may comment and vote your idea up.

_Marc_
9-Granite

Thank you @olivierlp for the status update.