Google said today that other Chromium-based browsers are catching on to their infrastructure and abusing the Chrome Sync service to store their users’ data, bookmarks and browsing history on Google’s servers without authorization.
The discovery was made during a recent audit, “Google said in a brief statement today.
To prevent future abuse, Google said it intends to restrict some of the Chrome APIs (features) it contains in Chromium from March 15, 2021, which will not make it available to any other browser above developed on the Chromium open source code base.
It affects not only Chrome Sync but also other features like the Chrome Spelling API, the Contact API, the Chrome Translate Element and many more.
All of these APIs are implemented in the Chromium source code, the open source skeleton that is at the base of the Chrome browser, and that Google acquired with open source years ago.
Under normal circumstances, other companies that remove browsers on top of the Chromium code usually build these APIs and build their own similar systems over which they can have control.
The recent abuse that Google has discovered stems from incidents where ‘some third parties on Chromium browsers’ added API keys to these Chrome features and integrated them into their off-the-shelf browser products.
As a result, these businesses are abusing Google servers to store their own data, effectively reducing development costs on Google’s backs.
Google gave these businesses two months to remove these Chrome-specific APIs and features from their code and implement their own before cutting off access.
The browser manufacturer does not name the Chromium-based browsers that abuse its systems, and the list of Chromium-based browsers is too long to make a sensitive guess, ranging from big names like Microsoft Edge, Opera and Brave to smaller efforts. such as Blisk, Colibri and Torch.