It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
Android is a very secure system, but that comes with some compromises such as customizability and development features. Both of which are important to the Lineage OS project. Also running Lineage OS is not any more insecure then running a Linux or Windows desktop without secure boot, which many people do without issue
There is also Lineage OS. It’s not as secure but it is compatible with the most amount of devices.
Unfortunately LineageOS is highly insecure because there’s no ability to lock the bootloader, and Android Verified Boot is completely missing. These are just the biggest and most obvious flaws in Lineage, but there are more: https://madaidans-insecurities.github.io/android.html#lineageos
Android is a very secure system, but that comes with some compromises such as customizability and development features. Both of which are important to the Lineage OS project. Also running Lineage OS is not any more insecure then running a Linux or Windows desktop without secure boot, which many people do without issue