Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage


Simon Willison (@simon@simonwillison.net)

https://fedi.simonwillison.net/@simon/112757810519145581

It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage.

You can test it out by pasting the following into your Chrome DevTools console on any Google page:

```javascript
chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
```

More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/


Chromium alone depends on if it's the Google version or the Un-Googled version. For the Google version of Chromium, it still has that hangouts extension. However, the Un-Googled Chromium has that extension removed via the build flags; the one to note is `enable_hangout_services_extension=false`.

As others have said though, it can also depend on what other Chromium-based browser is being used. Some browsers, like Brave and Vivaldi, can have this turned off in the settings. Others, like Edge and Opera, are affected as well. However, it doesn't affect every Chromium-based browser.
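
A guarded version of the probe from the post, as an added example that is not part of the thread or of Simon Willison's post: it tells apart a browser where the extension answers from one where it has been removed or switched off, as the comments describe. The function name, the state labels and the injectable `runtime` parameter are assumptions of this example; the extension ID and the `cpu.getInfo` method come from the post.

```javascript
// Extension ID as given in the post above.
const HANGOUT_SERVICES_ID = "nkeimhogjdpnpccoofpliimaahmaaome";

// Probe the extension and report one of three states through done():
//   "no-runtime"  - the page has no chrome.runtime.sendMessage to call
//   "no-receiver" - the call went out but nothing answered
//   "exposed"     - the extension answered the cpu.getInfo request
// `runtime` is passed in (hypothetical design choice of this example) so the
// logic can also be exercised with a stand-in object outside a browser.
function probeHangoutServices(runtime, done) {
  if (!runtime || typeof runtime.sendMessage !== "function") {
    done({ state: "no-runtime" });
    return;
  }
  runtime.sendMessage(
    HANGOUT_SERVICES_ID,
    { method: "cpu.getInfo" },
    (response) => {
      // lastError is only meaningful inside the callback; reading it here
      // also avoids an "Unchecked runtime.lastError" console warning.
      const err = runtime.lastError;
      if (err || response === undefined) {
        done({
          state: "no-receiver",
          detail: err ? err.message : "empty response",
        });
        return;
      }
      done({ state: "exposed", detail: response });
    },
  );
}

// In the DevTools console of a Google page this prints the result.
// Outside a browser `chrome` is undefined and nothing is sent.
if (typeof chrome !== "undefined") {
  probeHangoutServices(chrome.runtime, (result) => {
    console.log(JSON.stringify(result, null, 2));
  });
}
```

A result of `exposed` means the page's origin can reach the private API in this browser; either of the other two states is what a build without the extension should report.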