Shocking! Google has reserved a private API in Chromium that allows Google websites to read more PC hardware information, such as CPU/GPU usage and log records.
Chromium is an open-source browser project led by Google. Google's Chrome browser, Microsoft's Edge browser, and browsers like Opera, Brave, and Vivaldi are all built on the Chromium project.
Recently, developer @lcasdev discovered something shocking while examining the Chromium source code: Google has reserved a private API that is only accessible to Google's main domain, *.google.com.
What is this API used for? With this API, Google websites can read CPU usage, GPU usage, memory usage, access CPU specifications, and provide logging.
Normally, websites can only obtain information about a user's PC through the UserAgent string, which typically provides details such as CPU architecture, operating system version, or screen resolution through other means.
However, the hardware information Google can obtain through this private API is much more detailed. Setting aside the privacy issues, the fact that this API is only available to Google domains violates the EU's latest Digital Markets Act (DMA).
For example, both Google Meet and Zoom provide video conferencing services. With the help of this private API, Google can optimize the performance of Google Meet on PCs as much as possible. In contrast, Zoom cannot access detailed CPU/GPU usage information, making its optimization efforts less effective. This gives Google an unfair competitive advantage using Chrome, putting Zoom at a disadvantage.
Further analysis revealed that this private API is implemented through a Chrome extension (ID: nkeimhogjdpnpccoofpliimaahmaaome), but users cannot disable this extension or find it on the extension management page, making it completely private to users.
It is noteworthy that at least two third-party browsers based on Chromium have already been found to include this extension. Apparently, these browser developers were unaware of this situation; otherwise, they would have removed this extension during development.
These two browsers are Microsoft Edge and Brave. It is likely that other browsers developed based on the Chromium project also include this extension, providing Google websites with more hardware information from users.
Given the issues of overreach, privacy concerns, and potential DMA violations, Google may respond in the near future. However, it is not yet clear whether Google will update Chrome to allow users to disable this extension.
This article is translated from https://ourl.co/104867
Chromium is an open-source browser project led by Google. Google's Chrome browser, Microsoft's Edge browser, and browsers like Opera, Brave, and Vivaldi are all built on the Chromium project.
Recently, developer @lcasdev discovered something shocking while examining the Chromium source code: Google has reserved a private API that is only accessible to Google's main domain, *.google.com.
What is this API used for? With this API, Google websites can read CPU usage, GPU usage, memory usage, access CPU specifications, and provide logging.
Normally, websites can only obtain information about a user's PC through the UserAgent string, which typically provides details such as CPU architecture, operating system version, or screen resolution through other means.
However, the hardware information Google can obtain through this private API is much more detailed. Setting aside the privacy issues, the fact that this API is only available to Google domains violates the EU's latest Digital Markets Act (DMA).
For example, both Google Meet and Zoom provide video conferencing services. With the help of this private API, Google can optimize the performance of Google Meet on PCs as much as possible. In contrast, Zoom cannot access detailed CPU/GPU usage information, making its optimization efforts less effective. This gives Google an unfair competitive advantage using Chrome, putting Zoom at a disadvantage.
Further analysis revealed that this private API is implemented through a Chrome extension (ID: nkeimhogjdpnpccoofpliimaahmaaome), but users cannot disable this extension or find it on the extension management page, making it completely private to users.
It is noteworthy that at least two third-party browsers based on Chromium have already been found to include this extension. Apparently, these browser developers were unaware of this situation; otherwise, they would have removed this extension during development.
These two browsers are Microsoft Edge and Brave. It is likely that other browsers developed based on the Chromium project also include this extension, providing Google websites with more hardware information from users.
Given the issues of overreach, privacy concerns, and potential DMA violations, Google may respond in the near future. However, it is not yet clear whether Google will update Chrome to allow users to disable this extension.
This article is translated from https://ourl.co/104867