Chrome Remote Desktop does look attractive. It's a multi-step process to install, including downloading and installing a Mac-native "Desktop Host" program (which otherwise seems connected to Google's automatic update service, so that's good).

It seems they're pretty smart about security. To connect to your own personal computer, remotely, you need to be logged into Google (which for me requires two-factor auth) plus you also need to know a 6+ digit PIN. I'm modestly concerned this pushes things beyond being usable for many people, but it would certainly do the job for me. Normally, I use VNC tunneled through SSH for this sort of thing, but it's a pain. For example, I've got SSH pinned through my home router to exactly one of my computers at home, so I don't have an easy way to connect to anything else there without having to scratch my head about setting up a multi-hop SSH tunnel or something.

Fun thought: I normally put my MacPro to sleep when I'm not using it, since it consumes a non-trivial amount of power. I have my older MacBook Air (circa 2008), which I replaced with the newer generation, sitting around idle 24/7, acting as a low-power print server, but otherwise hiding behind my firewall. With this Chrome Remote Desktop thing, I could remote-connect to that MacBook Air, and then kick my MacPro via Wake-on-LAN, which I could then get to via SSH, etc. This is intriguing.

For the "let somebody remotely help you" functionality, the user at the computer-in-need-of-help presses a "share" button which then generates a random 12-digit PIN. My father-in-law would then presumably read this to me over the phone. Curiously, this appears to be the only thing you need to know to connect to somebody's computer. All the rendez-vous mechanics presumably use Google as a coordination point, avoiding the need to monkey around with firewall configurations and the like.

It appears that this 12-digit PIN is only active for a limited lifetime, and only one machine is allowed in as a remote administrator at a time. This presumably means a very small number of these PINs are active at any given time and it would be hard to make random guesses and find yourself administering a mystery computer, somewhere out there.

I'm going to assume that Google's internal people have audited this from a security perspective, but I wouldn't put it past them to screw something up. I need to run this with WireShark in the background to see if any interesting cleartext flies by. Hmm.