
Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

⁨197⁩ ⁨likes⁩

Submitted ⁨⁨9⁩ ⁨months⁩ ago⁩ by ⁨Andromxda@lemmy.dbzer0.com⁩ to ⁨technology@beehaw.org⁩

https://fedi.simonwillison.net/@simon/112757810519145581

simonwillison.net/…/hangout_servicesthunkjs/


Comments

  • boonhet@lemm.ee ⁨9⁩ ⁨months⁩ ago

    Chrome cryptominer when

    • Pechente@feddit.org ⁨9⁩ ⁨months⁩ ago

      Probably already installed. That would at least explain the high resource usage of chrome

    • AlexWIWA@lemmy.ml ⁨9⁩ ⁨months⁩ ago

      I’m willing to bet we’ll see something to train language models on the user’s hardware soon enough. Folding at home, but instead of helping science, Google steals your electricity.

      • vvv@programming.dev ⁨9⁩ ⁨months⁩ ago

        I really think that’s the secret end game behind all the AI stuff in both Windows and MacOS. MS account required to use it. (anyone know if you need to be signed in to apple ID for apple ai?) “on device” inference that sometimes will reach out to the cloud. when it feels like it. maybe sometimes the cloud will reach out to you and ask your cpu to help out with training.

        that, and better local content analysis. “no we aren’t sending everything the microphone picks up to our servers, of course not. just the transcript that your local stt model made of it, you won’t even notice the bandwidth!”

    • zqwzzle@lemmy.ca ⁨9⁩ ⁨months⁩ ago

      The shitty reboot of Office Space where some low level Google employee realizes they can stick a crypto miner in every browser and generate a couple cents from everyone’s browser.

      • Tolookah@discuss.tchncs.de ⁨9⁩ ⁨months⁩ ago

        G Suite Space?

  • abbadon420@lemm.ee ⁨9⁩ ⁨months⁩ ago

    Here’s the plan. You write an extension for chrome that makes chrome think all traffic from [cryptominingcentral.com] is actually from *.google.com. Make folks install the plugin via the tried and tested methods like phishing. … profit

    • authorinthedark@lemmy.sdf.org ⁨9⁩ ⁨months⁩ ago

      couldn’t you do that anyway if you can get people to install an extension? taking advantage of this for crypto mining purposes feels like extra steps

  • Hirom@beehaw.org ⁨9⁩ ⁨months⁩ ago

    Cannot reproduce on chromium. Has anyone reproduced it?

    • BlueEther@no.lastname.nz ⁨9⁩ ⁨months⁩ ago

      yeah:

      {
        "value": {
          "archName": "arm64",
          "features": [],
          "modelName": "Apple M2",
          "numOfProcessors": 8,
          "processors": [
            {
              "usage": {
                "idle": 10841460,
                "kernel": 611796,
                "total": 13342920,
                "user": 1889664
              }
            },...
      
    • Andromxda@lemmy.dbzer0.com ⁨9⁩ ⁨months⁩ ago

      Did you use normal chromium or Ungoogled Chromium? I tried it on the Arc Browser (which is based on Chromium), and it worked, but it didn’t work on Ungoogled Chromium.

      • Hirom@beehaw.org ⁨9⁩ ⁨months⁩ ago

        Neither. I use a chromium package from my linux distribution.

        It has many patches on top of the upstream chromium. That probably explains why that unwanted feature isn’t there.

        This issue appears on Google Chrome for Windows on my other machine. Just uninstalled it, never used it anyway.

    • jherazob@beehaw.org ⁨9⁩ ⁨months⁩ ago

      Reproduced here, Chromium on Linux Mint desktop. You need to have a Google.com site open for it to work though.
