It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
It does. You can even try it out yourself. Install Ungoogled Chromium, go to google.com and paste the following code in the Developer console (which you can bring up by pressing F12 and clicking on ‘Console’ at the top of the DevTools interface):
Seems like a great option. Can anyone more familiar with the code confirm this removes the aforementioned CPU-fingerprinting plugin?
It does. You can even try it out yourself. Install Ungoogled Chromium, go to google.com and paste the following code in the Developer console (which you can bring up by pressing F12 and clicking on ‘Console’ at the top of the DevTools interface):
chrome.runtime.sendMessage( "nkeimhogjdpnpccoofpliimaahmaaome", { method: "cpu.getInfo" }, (response) => { console.log(JSON.stringify(response, null, 2)); }, );
If it returns nothing or an error, you’re good. If it returns something like this:
{ "value": { "archName": "arm64", "features": [], "modelName": "Apple M2 Max", "numOfProcessors": 12, "processors": [ { "usage": { "idle": 26890137, "kernel": 5271531, "total": 42525857, "user": 10364189 } }, ...
it means that the hidden extension is present, and *.google.com sites have special access in your browser.