Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

Yet another reason to switch to Firefox, or even better, a hardened fork like LibreWolf !librewolf@lemmy.ml

Would everyone who is surprised by this please raise your hand? . . . That's what I thought.

It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.

This is hilarious! It even works on Edge, Vivaldi and even Brave 🤣. Good thing I use Firefox in almost everything or general day to day use

idk what to tell you if you're still using chrome

#UninstallChrome

If you're still using Google Chrome in 2024, you might be a moron. #Firefox

Remember when Google pushed for use of open standard in the browser to force Microsoft IE out of the market? Oh yeah I ‘member

Google does a lot of standards breaking things.

Like allowing a link on Google Apps Marketplace to open a new window (like popup) with POST instead of GET. (This pretty much ensures that buying an app will fail for browsers that follow the spec)

There's a bunch of stuff in Chrome that's special-cased to only allow Google to access it.

Not sure if it's still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can't remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.

Turns out the Chromium codebase had a hard-coded allowlist that only allowed *.google.com to use the API!

Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.

How long until it will be used as a backdoor to hack womeone's PC?

Ianal, but this sounds like something worthy of suing their ass over. There's not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.

Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.

I will stick with using Firefox.

Hmmm, no way this could ever turn into a security hole, I'm sure of it.

I already ditched Windows for Linux a month ago because of spyware. Everything Google-related is next. My phone is going to be the hardest thing to de-infest.

Just use Firefox

shrug

“Don’t be evil”

this just in: google is still spying on you in every way possible

Uhh do we know if this extends to sites.google.com?

Why do people still use Chrome?

Please uninstall it from everyone's home pc and phone that you come into contact with

Does this also affect Chromium, or is it just Google Chrome?

The article mentions it being affecting Google Chrome through Chromium, but it's not clear if it also affects Chromium on its own, or other Chromium-based browsers.

This that and the article are very light on details, but I couldn't find an article deeper in details

My laptop, that I own and runs Linux that I installed, has chrome in it. I'm order to log into Gmail for work, it installs an extension that is capable of telling Gmail if my disk is encrypted. I know because you get an error message until my disk was actually encrypted. It was a big surprise to me, and I wonder if this is done by the same piece of code.

Btw would there be a way to do virtualization through perhaps docker or flat pack or chroot that can isolate chrome in a sandbox and prevent it from a) reading and writing files anywhere on any disk and b) get other data such as CPU, disk encryption etc?

Can someone explain this to me like I'm 5. I understand it's not good but I don't know why and I would like to understand it.

Refreshing change from reading about some new AI powered tracking nonsense in Windows.

Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?

LibreWolf, Mull, Chromium, ...

Suprise Suprise!

i think it's used for the performance testing feature in google meet n stuff like that..

Google Meet can show CPU usage, they aten't trying to hide this.