Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

⁨197⁩ ⁨likes⁩

Submitted ⁨⁨9⁩ ⁨months⁩ ago⁩ by ⁨Andromxda@lemmy.dbzer0.com⁩ to ⁨technology@beehaw.org⁩

https://fedi.simonwillison.net/@simon/112757810519145581

simonwillison.net/…/hangout_servicesthunkjs/

source

Comments

Sort:hotnew top

boonhet@lemm.ee ⁨9⁩ ⁨months⁩ ago
Chrome cryptominer when

source
- Pechente@feddit.org ⁨9⁩ ⁨months⁩ ago
  Probably already installed. That would at least explain the high resource usage of chrome
  
  source
- AlexWIWA@lemmy.ml ⁨9⁩ ⁨months⁩ ago
  I’m willing to be we’ll see something to train language models on the user’s hardware soon enough. Folding at home, but instead of helping science, Google steals your electricity.
  
  source
  - vvv@programming.dev ⁨9⁩ ⁨months⁩ ago
    I really think that’s the secret end game behind all the AI stuff in both Windows and MacOS. MS account required to use it. (anyone know if you need to be signed in to apple ID for apple ai?) “on device” inference that sometimes will reach out to the cloud. when it feels like it. maybe sometimes the cloud will reach out to you and ask your cpu to help out with training.
    
    that, and better local content analysis. “no we aren’t sending everything the microphone picks up to our servers, of course not. just the transcript that your local stt model made of it, you won’t even notice the bandwidth!)”
    
    source
- zqwzzle@lemmy.ca ⁨9⁩ ⁨months⁩ ago
  The shitty reboot of Office Space where some low level Google employee realizes they can stick a crypto miner in every browser and generate a couple cents from everyone’s browser.
  
  source
  - Tolookah@discuss.tchncs.de ⁨9⁩ ⁨months⁩ ago
    G Suite Space?
    
    source
abbadon420@lemm.ee ⁨9⁩ ⁨months⁩ ago
Here’s the plan. You write an extension for chrome that makes chrome think all traffic from [cryptominingcentral.com] is actually from *.google.com. Make folks install the plugin via the tried and tested methods like phishing. … profit

source
- authorinthedark@lemmy.sdf.org ⁨9⁩ ⁨months⁩ ago
  couldn’t you do that anyway if you can get people to install an extension? taking advantage of this for crypto mining purposes feels like extra steps
  
  source
Hirom@beehaw.org ⁨9⁩ ⁨months⁩ ago
Cannot reproduce on chromium. Has anyone reproduced it?

source
- BlueEther@no.lastname.nz ⁨9⁩ ⁨months⁩ ago
  yeah:
  
  { "value": { "archName": "arm64", "features": [], "modelName": "Apple M2", "numOfProcessors": 8, "processors": [ { "usage": { "idle": 10841460, "kernel": 611796, "total": 13342920, "user": 1889664 } },...
  
  source
- Andromxda@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago
  Did you use normal chromium or Ungoogled Chromium? I tried it on the Arc Browser (which is based on Chromium), and it worked, but it didn’t work on Ungoogled Chromium.
  
  source
  - Hirom@beehaw.org ⁨9⁩ ⁨months⁩ ago
    Neither. I use a chromium package from my linux distribution.
    
    It has many patches on top of the upstream chromium. That probably explain why that unwanted feature isn’t there.
    
    This issue appear on Google Chrome for Windows on my other machine. Just uninstalled it, never used it anyway.
    
    source
- jherazob@beehaw.org ⁨9⁩ ⁨months⁩ ago
  Reproduced here, Chromium on Linux Mint desktop. You need to have open a Google.com site for it to work though.
  
  source