Google said today that it caught other Chromium-based browsers piggybacking on its infrastructure and abusing the Chrome Sync service to store their users' data, bookmarks, and browsing history on Google's servers, without approval.
The discovery was made during "a recent audit," Google said today in a short statement.
To prevent future abuse, Google said it plans to limit some of the Chrome APIs (features) that it includes inside Chromium starting March 15, 2021, making them unavailable for any other browser developed on top of the Chromium open-source codebase.
This doesn't only impact Chrome Sync but also other features such as the Chrome Spelling API, the Contacts API, the Chrome Translate Element, and many more.
All of these APIs are implemented inside the Chromium source code, the open-source skeleton that is at the base of the Chrome browser, and which Google open-sourced years ago.
Under normal circumstances, other companies that build browsers on top of the Chromium code usually remove these APIs and build their own similar systems, over which they can have control.
The recent abuse discovered by Google stems from incidents where "some third-party Chromium based browsers" added API keys to these Chrome specific features and integrated them inside their offshoot browser products.
This resulted in these companies abusing Google servers to store their own data, effectively cutting development costs on Google's back.
Google has given these companies two months to remove these Chrome-specific APIs and features from their code and implement their own before their access is cut off.
The browser maker did not name the Chromium-based browsers that abused its systems, and the list of Chromium-based browsers is also too long to make an educated guess, ranging from big names like Microsoft Edge, Opera, and Brave to smaller endeavors like Blisk, Colibri, and Torch.