Or anyone who controls your DNS resolution which has a number of paths (for example a local hosts file, possibly a router, changing your config or how you get your config to a malicious DNS server, etc)
In what world does "system / tab CPU usage, GPU usage, and memory usage" mean "full access to the system"? Any Chrome extension can access this info easily, the point that the tweet makes is that there's a built-in Chrome extension that shares this info with Google's own websites without any confirmation.
Is it really that easy? I just kind of assumed that devs could create subdomains under a dev TLD like googdev123.com, but not google.com until it was a fully-fledged product release.
Only to leak your CPU/GPU utilization though as far as I understand it. Those can also be exposed in other ways by legitimate JS/WebGPU by measuring/profiling shader runs/etc.
sophiebits|1 year ago
drpossum|1 year ago
isodev|1 year ago
riccardomc|1 year ago
But you could have teams with DNS zone delegation who can.create.anything.like.this.google.com
drpossum|1 year ago
eknkc|1 year ago
If that malicious actor can install a custom ca too, they can already install whatever spyware they want.
q3k|1 year ago
wbl|1 year ago
ruined|1 year ago
abirch|1 year ago
Tiberium|1 year ago
mysterydip|1 year ago
mywittyname|1 year ago
hn_go_brrrrr|1 year ago
lyu07282|1 year ago
Only to leak your CPU/GPU utilization though as far as I understand it. Those can also be exposed in other ways by legitimate JS/WebGPU by measuring/profiling shader runs/etc.
nashashmi|1 year ago