It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage

You can test it out by pasting the following into your Chrome DevTools console on any Google page:

chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);

More notes here: simonwillison.net/2024/Jul/9/h

@simon Not knowing how '*' is implemented, I'm concerned that it might it used on other websites matching `*.google.com`, such as my.malevolence.site/.google.co.

Sign in to participate in the conversation
Mauvestodon

Escape ship from centralized social media run by Mauve.