It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage.
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
```javascript
chrome.runtime.sendMessage(
  "nkeimhogjdpnpccoofpliimaahmaaome",
  { method: "cpu.getInfo" },
  (response) => {
    console.log(JSON.stringify(response, null, 2));
  },
);
```
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
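An added example, not part of the original post and not Chrome's own code: a web page can only reach an extension with `chrome.runtime.sendMessage` when the extension's manifest lists the page's URL under `externally_connectable.matches`. The sketch below checks which of a set of constructed sample manifests a given page URL could message; the manifests, IDs and function names are assumptions, and the matcher is a simplified version of Chrome's match-pattern rules.

```javascript
// Added example. Manifests and IDs below are constructed, not taken from any real extension.
const manifests = [
  { id: "a".repeat(32), name: "bundled-component",
    externally_connectable: { matches: ["https://*.google.com/*"] } },
  { id: "b".repeat(32), name: "notes-helper",
    externally_connectable: { matches: ["https://app.example.org/*"] } },
  { id: "c".repeat(32), name: "no-web-messaging" }, // key absent: pages cannot message it
];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Simplified match-pattern check: scheme, host (with leading "*." wildcard), path glob.
function patternMatchesUrl(pattern, pageUrl) {
  const m = /^(\*|https?):\/\/([^/]+)(\/.*)$/.exec(pattern);
  if (!m) return false;
  const [, scheme, host, path] = m;
  const url = new URL(pageUrl);
  const urlScheme = url.protocol.slice(0, -1);
  if (urlScheme !== "http" && urlScheme !== "https") return false;
  if (scheme !== "*" && scheme !== urlScheme) return false;
  if (host.startsWith("*.")) {
    const base = host.slice(2);
    // "*.google.com" covers google.com and every subdomain, but not "google.com.example.net"
    if (url.hostname !== base && !url.hostname.endsWith("." + base)) return false;
  } else if (host !== url.hostname) {
    return false;
  }
  const pathRe = new RegExp("^" + path.split("*").map(escapeRe).join(".*") + "$");
  return pathRe.test(url.pathname + url.search);
}

// Names of extensions whose manifest lets pageUrl call chrome.runtime.sendMessage on them.
function extensionsReachableFrom(pageUrl, list) {
  return list
    .filter((m) => (m.externally_connectable?.matches ?? [])
      .some((p) => patternMatchesUrl(p, pageUrl)))
    .map((m) => m.name);
}

// Patterns that hand the messaging surface to every subdomain of a site.
function wildcardHostPatterns(manifest) {
  return (manifest.externally_connectable?.matches ?? [])
    .filter((p) => /^(\*|https?):\/\/\*\./.test(p));
}

for (const u of ["https://meet.google.com/x", "https://google.com.example.net/"]) {
  console.log(u, "->", extensionsReachableFrom(u, manifests));
}
```

When reviewing installed or bundled extensions, `wildcardHostPatterns` flags the manifests worth a closer look, since a wildcard host extends the messaging surface to every subdomain of the listed site.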
Here’s the plan. You write an extension for Chrome that makes Chrome think all traffic from [cryptominingcentral.com] is actually from *.google.com. Make folks install the plugin via the tried and tested methods like phishing. … profit
Couldn’t you do that anyway if you can get people to install an extension? Taking advantage of this for crypto mining purposes feels like extra steps.