Simon WillisonJul 9, 2024

It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage

You can test it out by pasting the following into your Chrome DevTools console on any Google page:

chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);

More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

hangout_services/thunk.js

It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, …

Simon Willison’s Weblog
Show threadJon S Jul 9, 2024
@simon This also appears to be present in @Vivaldi
Show threadKelsonJul 9, 2024

@jsparknz @simon @Vivaldi I did some testing and found that you can disable it in Vivaldi by turning off the Google Meet support in Vivaldi's Privacy and Security settings.

https://notes.kvibber.com/@kelson/statuses/01J2CQHARWXZ957D8RJ2Z4NNRH

Mine was already turned off, but I don't know what the default is, since I installed it so long ago and don't remember what settings I changed at the time.

Post by Kelson, @[email protected]

@[email protected] @[email protected] @[email protected] @[email protected] AHA! I'm using Vivaldi's built-in ad blocker, not uBlock, and turning it off didn't make a difference. BUT There is a section in Vivaldi's Privacy and Security settings for Google Extensi...

notes.kvibber.com
Show threadJon S 
@kelson @simon @Vivaldi Thank you for sharing that. I tried it out and turning it off works. It does seem to me something that should be off by default, though.
Jul 10, 2024 at 3:41amWeb