It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
Removed by mod
Chromium*, but yes
I wouldn’t call Chromium malware. Anticompetitive yes but not malware
I mean…
It takes code from a remote source, compiles it into native machine code, and then executes said machine code.
It exposes hardware information, sensors, and system statistics to remote actors.
It can consume inordinate amounts of resources by mining for cryptocurrency in the background.
It keeps trying to get you to change system settings.
It’s hidden within the installers of other programs (thanks, Electron).
Out of context, those sure make it sound like malware.
Too big to fail
It’s like saying rich people is eccentric, but us poor can only aim for crazy