Fwd: [Action Required] Update on Google API usage in Chromium

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: [Action Required] Update on Google API usage in Chromium

Rene Ladan-3
FYI, not sure what it means exactly.

---------- Forwarded message ---------
Van: The Google Chrome Team <[hidden email]>
Date: vr 15 jan. 2021 19:07
Subject: [Action Required] Update on Google API usage in Chromium
To: <[hidden email]>


[image: Google logo]
As part of Google’s efforts to improve user data security, we are removing
access to those APIs starting on March 15, 2021.

Hi Chromium Developer,

We are writing to let you know that *starting March 15, 2021*, end users of
Chromium and Chromium OS derivatives using google_default_client_id and
google_default_client_secret on their build configuration will no longer be
able to sign into their Google Accounts.
What do I need to know?

During a recent audit, we discovered that some 3rd-party Chromium-based
browsers had keys that were allowed to access Google APIs and services that
are reserved for Google use only. Chrome Sync is the most notable of these
APIs.

In practice, this means that a user would be able to access their personal
Chrome Sync data (such as bookmarks) not just with Chrome, but also with a
non-Google, Chromium-based browser. *Please note that users would only be
able to access their own Chrome Sync data, and only a small fraction of
users of Chromium based browsers were impacted. We have no reason to
believe that user data is being abused or accessed by anyone other than the
users themselves.*

As part of Google’s efforts to improve user data security, we are removing
access from Chromium and Chromium OS derivatives that used
google_default_client_id and google_default_client_secret on their build
configuration to Google-exclusive APIs starting on *March 15, 2021*.
Guidance for vendors of Chromium derivative products is available on
the Chromium
wiki
<https://www.google.com/appserve/mkt/p/AD-FnEycz-jrlb-Bbw89OWkzDz0lmXbhAQQndI0YsPIPxY01phzUiUkgypbC7k9V2CU87k4E09GGJAC5Usq0msCYcDfxZzQtg50TgcFfsuaP4Dms5ZkKZu9JNWU>
.
What does this mean for my users?

Users of products that are incorrectly using these APIs will notice that
they won't be able to log into their Google Accounts in those products
anymore.

For users who accessed Google features (like Chrome Sync) through a
3rd-party Chromium-based browser, their data will continue to be available
in their Google Account, and data that they have stored locally will
continue to be available locally.

As always, users can view and manage their data through Google Chrome,
Chrome OS, and/or on the My Google Activity page
<https://www.google.com/appserve/mkt/p/AD-FnExyUUIEWUiY3JeJFFZI5q9XNVRixtpuK9KuutGXpZXuaAA2_2RHN6jabaH6E1V2QJ5OD7mI1b4UkMaHpHaD_W9NPh9An9T3hcvwZJI>,
and they can also download their data from the Google Takeout page
<https://www.google.com/appserve/mkt/p/AD-FnEwCp-RSh0YDskVP-d2SuvE2oy8N-M4G8jQ54XZ4l2KEJeJNkmOTCp-tpQUlAp_9vf9JPkIUJcJsRVkUzQD1vQ>,
and/or delete it from this page
<https://www.google.com/appserve/mkt/p/AD-FnExZvcjiEOhOHEOFpDPi69iRDOofCAleGNy1gWmW21y9K1qPojjyMlE_6WIUD_BcsynS4qgw2XsZu4Sv31tFy1HNkg>
.
What do I need to do?

To avoid disruption, follow the instructions for configuring and building
Chromium derivatives in the Chromium Wiki (link provided above).

Possible ways to implement this are:

   - Removing *google_default_client_id* and *google_default_client_secret*
   from your build configuration.
   - Passing the *--allow-browser-signin=false* flag at startup.

Your projects that may be affected by this change are listed below:

   - Chromium - FreeBSD (api-project-996322985003)
   <https://www.google.com/appserve/mkt/p/AD-FnEzvY6XtcCcxBmSQ1hwzcYo6lSp49G8pYtjUi9U_zcAysj_n-Hg23mK6vPLOSdTYPgr1e7-wEWYiL0Zm34mqXbkmgWq-xLpVDExRvgEMnLZTaPYOay3k7O7AKraA2e7xRYHIjAvRbYu8yMk>

If you have any questions or require assistance, please *contact
[hidden email] <[hidden email]>*.

Sincerely,

The Google Chrome Team

Was this information helpful?
YES
<https://www.google.com/appserve/mkt/p/AD-FnExIgGPyOkHg5s4z83RTt2TzIlmlu6NjSpj0Gs_VSJWPxq7w-NbKzM8tpxNFzo_FCX7SBCw-SAU0v1Ye_8SSt6SzgATV9ynV8OSZoHqmWIq1EXAqFx52F5V5bHCK2JMoIMz7uanaTCAAlsJka_5gpR0Te5qw6oG0QghI9lQNIf1V7EXzNeCSq1WlgqH_3yc>
  NO
<https://www.google.com/appserve/mkt/p/AD-FnEz55TaUxN3pMCdjvIYWDCAO-snyGda_Nel54OthjFljqnLEX3eZZzfYexGCjZrHo-pivIRkyS3owQHAEdWJgZhsINnqlraNAoklCKp-iTgm8IeCe9GaZfyfIffMsojBta8lJqbO4r_W2DVdcfaoGr0s2y9q3aP3GEZvmZHtex9LkV1Vy1XRLOlm-WvJMg>


© 2021 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043

You have received this mandatory service announcement to update you about
important changes to Google services you use.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-chromium
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: [Action Required] Update on Google API usage in Chromium

freebsd-chromium mailing list
There seems to be a discussion on the chromium-packagers list for this:
https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/cknNqbEwCgAJ

Most likely the sync stuff and auto-login on Google sites will break
when removing the API keys and supplying the build flag, so I'd expect
a few unhappy users (based on the bug reports we had when sync was
broken).


_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-chromium
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: [Action Required] Update on Google API usage in Chromium

Rene Ladan-3
On Mon, Jan 18, 2021 at 11:03:18AM +0100, Matthias Wolf wrote:
> There seems to be a discussion on the chromium-packagers list for this:
> https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/cknNqbEwCgAJ
>
> Most likely the sync stuff and auto-login on Google sites will break
> when removing the API keys and supplying the build flag, so I'd expect
> a few unhappy users (based on the bug reports we had when sync was
> broken).
>
Yes, see also the mail I forwarded (perhaps using my gmail account).
I don think there is much we can do about that?

René
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-chromium
To unsubscribe, send any mail to "[hidden email]"