Chromium browsers have been quietly sending user information to Google

Important Information: Users of browsers based on the Chromium open-source codebase, including Google Chrome, Microsoft Edge, Opera, and Brave, should be aware that a preinstalled extension is transmitting data about CPU and GPU usage to Google when visiting a Google domain. This news may draw scrutiny from the European Commission, which is already investigating Google for potential Digital Markets Act violations.

A preinstalled extension called “hangout_services” in Chromium browsers is quietly sending information about CPU and GPU usage to Google when users visit Google websites. Additionally, it is providing data on memory usage, processor information, and a logging backchannel exclusively to Google sites.

Chromium, developed and maintained primarily by Google, serves as the core codebase for popular browsers like Google Chrome, Microsoft Edge, Opera, and Brave.

Non-Chromium browsers like Firefox do not have this extension, potentially impacting their performance on Google sites. The exclusive access to this Chromium API by Google raises concerns about potential Digital Markets Act violations in the EU.

Google Chrome allows *.google.com sites access to system/tab CPU, GPU, and memory usage, as well as detailed processor information and a logging backchannel, exclusively for *.google.com.

– Luca Casonato ð³ï¸Â‍ð (@lcasdev) July 9, 2024

The API could potentially give Google services an unfair advantage over competitors, such as optimizing performance for Google Meet. Google explains that the API is used to enhance video and audio performance on their websites, particularly for Google Meet.

A Google spokesperson mentioned using the extension to optimize video and audio performance based on system capabilities and provide crash/performance data for issue detection and resolution.

Google may argue that the API is a standard part of the browser’s functionality through a preinstalled extension. Restricting access to Google domains could be positioned as a security measure against misuse by third parties.

The European Commission is investigating Google, Meta, and Apple for potential DMA violations, with this API potentially playing a role. The collection of user data without explicit consent could be viewed as a privacy violation, raising concerns about data sent to a US-based company without user awareness.