Google said today that it caught other Chromium-based browsers hitching a ride on its infrastructure and abusing the Chrome Sync service to store its users’ data, bookmarks and browsing history on Google’s servers, without approval.
The discovery was made during “a recent audit”, Google said today in a brief statement.
To prevent future abuse, Google said it plans to limit some of the Chrome APIs (features) it includes within Chromium as of March 15, 2021, making them unavailable to any other browser developed on top of the open source Chromium .
This not only affects Chrome Sync, but also other features, such as the Chrome Spelling API, the Contacts API, Chrome Translate Element and many more.
All of these APIs are implemented within the source code of Chromium, the open source skeleton that underpins the Chrome browser, and which Google opened years ago.
Under normal circumstances, other companies that create browsers based on Chromium code often remove these APIs and create their own similar systems, over which they can control.
The recent abuse discovered by Google stems from incidents where “some third-party browsers based on Chromium” added API keys to these specific Chrome features and integrated them into their browser-derived products.
This has resulted in these companies abusing Google’s servers to store their own data, effectively reducing development costs for Google.
Google gave these companies two months to remove these Chrome-specific APIs and features from their codes and implement them before their access is interrupted.
The browser manufacturer did not cite Chromium-based browsers that abused their systems, and the list of Chromium-based browsers is also too long to make an educated guess, ranging from big names like Microsoft Edge, Opera and Brave to smaller ventures like Blisk, Colibri and Torch.