Here’s the plan. You write an extension for chrome that makes chrome think all traffic from [cryptominingcentral.com] is actually from *.google.com. Make folks install the plugin via the tried and tested methods like phishing. … profit
Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage
Submitted 5 months ago by Andromxda@lemmy.dbzer0.com to technology@beehaw.org
https://fedi.simonwillison.net/@simon/112757810519145581
Comments
abbadon420@lemm.ee 5 months ago
authorinthedark@lemmy.sdf.org 5 months ago
couldn’t you do that anyway if you can get people to install an extension? taking advantage of this for crypto mining purposes feels like extra steps
Hirom@beehaw.org 5 months ago
Cannot reproduce on chromium. Has anyone reproduced it?
BlueEther@no.lastname.nz 5 months ago
yeah:
{ "value": { "archName": "arm64", "features": [], "modelName": "Apple M2", "numOfProcessors": 8, "processors": [ { "usage": { "idle": 10841460, "kernel": 611796, "total": 13342920, "user": 1889664 } },...
Andromxda@lemmy.dbzer0.com 5 months ago
Did you use normal chromium or Ungoogled Chromium? I tried it on the Arc Browser (which is based on Chromium), and it worked, but it didn’t work on Ungoogled Chromium.
Hirom@beehaw.org 5 months ago
Neither. I use a chromium package from my linux distribution.
It has many patches on top of the upstream chromium. That probably explain why that unwanted feature isn’t there.
This issue appear on Google Chrome for Windows on my other machine. Just uninstalled it, never used it anyway.
jherazob@beehaw.org 5 months ago
Reproduced here, Chromium on Linux Mint desktop. You need to have open a Google.com site for it to work though.
boonhet@lemm.ee 5 months ago
Chrome cryptominer when
Pechente@feddit.org 5 months ago
Probably already installed. That would at least explain the high resource usage of chrome
AlexWIWA@lemmy.ml 5 months ago
I’m willing to be we’ll see something to train language models on the user’s hardware soon enough. Folding at home, but instead of helping science, Google steals your electricity.
vvv@programming.dev 5 months ago
I really think that’s the secret end game behind all the AI stuff in both Windows and MacOS. MS account required to use it. (anyone know if you need to be signed in to apple ID for apple ai?) “on device” inference that sometimes will reach out to the cloud. when it feels like it. maybe sometimes the cloud will reach out to you and ask your cpu to help out with training.
that, and better local content analysis. “no we aren’t sending everything the microphone picks up to our servers, of course not. just the transcript that your local stt model made of it, you won’t even notice the bandwidth!)”
zqwzzle@lemmy.ca 5 months ago
The shitty reboot of Office Space where some low level Google employee realizes they can stick a crypto miner in every browser and generate a couple cents from everyone’s browser.
Tolookah@discuss.tchncs.de 5 months ago
G Suite Space?