It will soon be less easy to use a video game controller on Chrome. In order to improve the security of its users, Google will indeed prevent their operation on non-HTTPS sites as well as on integrated windows. In this way, the firm hopes to reduce the risk of personal data theft.
Chrome has supported video game controllers for a good decade. To do this, the browser offers an API called GamePad, also available on Safari, which allows iPhones and iPads to be compatible with PS5 and Xbox Series X controllers. This support is essential, in particular in the age of cloud gaming. Without this API, no Stadia or even GeForce Now for many players.
To allow the controller to be used, the Gamepad API assigns a unique identifier to the latter as soon as it is connected to the PC. Chrome then interprets the sequence of inputs sent by the player through the buttons and joysticks. Only then, this identifier and, therefore, the data sent by the controller can be intercepted by malicious individuals. Once done, the player would find himself, without realizing it, spied on by an individual capable of following his activities on the web.
Google will restrict the use of controllers on Chrome for the sake of gamers
To avoid getting there, Google has therefore decided to take some preventive measures. Starting with blocking controllers when they are not on an HTTPS domain. All sites that do not offer this encryption method will no longer be able to access player inputs.
Related: Stadia Gives A Controller And Chromecast Ultra For The Price Of A Game
Then, Google explains that the controller will work differently in integrated games, or embed, but without giving more details. It is possible that this is only a request for authorization from the player to ensure that he is in control.
Note that Firefox has already made this choice more than two years ago, which seems to indicate that the issue is very real. Despite everything, there are currently no serious cases linked to this type of fault.
Source: XDA Developers