Since 2012, Google Chrome offers a Gamepad API which, as its name suggests, allows web applications and games to access gamepads physical connected to a computer. Unfortunately, it seems that malicious people can use it to track online users and siphon their data. The Mountain View giant has announced that it is putting in place new restrictions to protect its users.
Similar measures had been taken by Mozilla with Firefox 81, a version released in September 2020. The API also exists on Safari, which allows everyone to use their iPhone or iPad with services like GeForce Now or Google Stadia without app store app.
More security by default on Chrome
The operation of the Gamepad API is relatively simple on all browsers. It consists of giving a unique identifier for each gamepad connected to your computer. Thus, Chrome receives a list of information from buttons and axes (joysticks, directional cross). All this data can be collected (under certain conditions), and this is what worries Google. With access to these, a malicious individual would be able to track someone via their digital fingerprint (or fingerprinting).
The measures announced by Google are very similar to what Mozilla communicated for its Firefox browser almost two years ago. First, the API will not work on sites that are not HTTPS, which is a combination of HTTP with an encryption layer like SSL or TLS. We remind you that it is also recommended to check a browser option to always upgrade browsing to HTTPS. It’s located in Privacy and security > Security > Advanced settings.
The second food for thought for Chrome is different API behavior in some integrations (embed). It is not yet known how this will work, but it could be a request for authorization from the user to activate the API and the support for his controller.
Prevention is better than cure ?
Such a restrictive measure could harm application and video game developers who need to use the controller for their operation. To not impact them and allow them access to a debugging environment, Chrome will introduce an advanced setting (flag). The latter will be accessible under the name of #restrict-gamepad-access. Everyone will be able to freely take advantage of the controllers and test games on a page or a local server (localhost) without setting up an SSL certificate.
It’s amazing to see Chrome implementing such a security measure long after Mozilla Firefox. Fortunately, there doesn’t seem to have been any “significant” instances of sites or tracking scripts using the Gamepad API to track a user. Google’s internet browser has already had to urgently fix three major flaws in 2022.
As of now, Google has yet to decide when the Gamepad API behavior update will roll out to everyone in Chrome.
On the same subject :
Chrome: how Google will favor quality extensions
To download
8
- Very good performance
- Simple and pleasant to use
- A secure browser
Google Chrome no longer has to prove its qualities as a stable, fluid, fast, secure, ergonomic and multifunctional browser. Its interface and its mode of use are suitable for all audiences, inexperienced as informed. Criteria that still allow it today to dominate the market on a global scale, and to pursue development that inspires new web standards. But Chrome is not immune to a much less formidable aspect: the collection and commercialization of personal data by the browser which makes it a serious threat to the privacy of Internet users, all the more so when used in conjunction with other Google services. If respect for confidentiality must, for you, take precedence over the rest, we advise you to turn to Brave or Firefox, more reliable alternatives with satisfactory performance.
Google Chrome no longer has to prove its qualities as a stable, fluid, fast, secure, ergonomic and multifunctional browser. Its interface and its mode of use are suitable for all audiences, inexperienced as informed. Criteria that still allow it today to dominate the market on a global scale, and to pursue development that inspires new web standards. But Chrome is not immune to a much less formidable aspect: the collection and commercialization of personal data by the browser which makes it a serious threat to the privacy of Internet users, all the more so when used in conjunction with other Google services. If respect for confidentiality must, for you, take precedence over the rest, we advise you to turn to Brave or Firefox, more reliable alternatives with satisfactory performance.
Sources: XDA-developers, Mozilla
3