Andromxda 🇺🇦🇵🇸🇹🇼 to

Technology@lemmy.zipEnglish • 2 months ago

Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

fedi.simonwillison.net

6

174

Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

fedi.simonwillison.net

Andromxda 🇺🇦🇵🇸🇹🇼 to

Technology@lemmy.zipEnglish • 2 months ago

6

Simon Willison (@simon@simonwillison.net)

fedi.simonwillison.net

It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage You can test it out by pasting the following into your Chrome DevTools console on any Google page: chrome.runtime.sendMessage( "nkeimhogjdpnpccoofpliimaahmaaome", { method: "cpu.getInfo" }, (response) => { console.log(JSON.stringify(response, null, 2)); }, ); More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

cross-posted from: https://lemmy.dbzer0.com/post/23752739

https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

Chat

@pivot_root@lemmy.world
link
fedilink
English
6•
edit-2
2 months ago
I mean…

It takes code from a remote source, compiles it into native machine code, and then executes said machine code.

It exposes hardware information, sensors, and system statistics to remote actors.

It can consume inordinate amounts of resources by mining for cryptocurrency in the background.

It keeps trying to get you to change system settings.

It’s hidden within the installers of other programs (thanks, Electron).

Out of context, those sure make it sound like malware.
- @trolololol@lemmy.world
  link
  fedilink
  English
  4•2 months ago
  Too big to fail
  
  It’s like saying rich people is eccentric, but us poor can only aim for crazy

Technology@lemmy.zip

!technology@lemmy.zip

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.zip

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.

Rules

1. English only

Title and associated content has to be in English.

2. Use original link

Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.

3. Respectful communication

All communication has to be respectful of differing opinions, viewpoints, and experiences.

4. Inclusivity

Everyone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

5. Ad hominem attacks

Any kind of personal attacks are expressly forbidden. If you can’t argue your position without attacking a person’s character, you already lost the argument.

6. Off-topic tangents

Stay on topic. Keep it relevant.

7. Instance rules may apply

If something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

213 users / day
997 users / week
3.02K users / month
8.81K users / 6 months
1.17K subscribers
2.17K Posts
8.11K Comments
Modlog

mods:
BrikoX