Date: Fri, 15 Jan 2021 20:42:27 +0100 From: =?UTF-8?Q?Ren=C3=A9_Ladan?= <rene@freebsd.org> To: chromium-list freebsd <freebsd-chromium@freebsd.org> Subject: Fwd: [Action Required] Update on Google API usage in Chromium Message-ID: <CADL2u4ipGvs2rY_DFnA48F9qkHz_64v2o1pjK2ZaqonLQEYqJw@mail.gmail.com> In-Reply-To: <ab9d5033c1fa5d602130c7b75a52e6582ee18618-20145073-110888569@google.com> References: <ab9d5033c1fa5d602130c7b75a52e6582ee18618-20145073-110888569@google.com>
next in thread | previous in thread | raw e-mail | index | archive | help
FYI, not sure what it means exactly. ---------- Forwarded message --------- Van: The Google Chrome Team <chrome-noreply@google.com> Date: vr 15 jan. 2021 19:07 Subject: [Action Required] Update on Google API usage in Chromium To: <r.c.ladan@gmail.com> [image: Google logo] As part of Google=E2=80=99s efforts to improve user data security, we are r= emoving access to those APIs starting on March 15, 2021. Hi Chromium Developer, We are writing to let you know that *starting March 15, 2021*, end users of Chromium and Chromium OS derivatives using google_default_client_id and google_default_client_secret on their build configuration will no longer be able to sign into their Google Accounts. What do I need to know? During a recent audit, we discovered that some 3rd-party Chromium-based browsers had keys that were allowed to access Google APIs and services that are reserved for Google use only. Chrome Sync is the most notable of these APIs. In practice, this means that a user would be able to access their personal Chrome Sync data (such as bookmarks) not just with Chrome, but also with a non-Google, Chromium-based browser. *Please note that users would only be able to access their own Chrome Sync data, and only a small fraction of users of Chromium based browsers were impacted. We have no reason to believe that user data is being abused or accessed by anyone other than the users themselves.* As part of Google=E2=80=99s efforts to improve user data security, we are r= emoving access from Chromium and Chromium OS derivatives that used google_default_client_id and google_default_client_secret on their build configuration to Google-exclusive APIs starting on *March 15, 2021*. Guidance for vendors of Chromium derivative products is available on the Chromium wiki <https://www.google.com/appserve/mkt/p/AD-FnEycz-jrlb-Bbw89OWkzDz0lmXbhAQQn= dI0YsPIPxY01phzUiUkgypbC7k9V2CU87k4E09GGJAC5Usq0msCYcDfxZzQtg50TgcFfsuaP4Dm= s5ZkKZu9JNWU> . What does this mean for my users? Users of products that are incorrectly using these APIs will notice that they won't be able to log into their Google Accounts in those products anymore. For users who accessed Google features (like Chrome Sync) through a 3rd-party Chromium-based browser, their data will continue to be available in their Google Account, and data that they have stored locally will continue to be available locally. As always, users can view and manage their data through Google Chrome, Chrome OS, and/or on the My Google Activity page <https://www.google.com/appserve/mkt/p/AD-FnExyUUIEWUiY3JeJFFZI5q9XNVRixtpu= K9KuutGXpZXuaAA2_2RHN6jabaH6E1V2QJ5OD7mI1b4UkMaHpHaD_W9NPh9An9T3hcvwZJI>, and they can also download their data from the Google Takeout page <https://www.google.com/appserve/mkt/p/AD-FnEwCp-RSh0YDskVP-d2SuvE2oy8N-M4G= 8jQ54XZ4l2KEJeJNkmOTCp-tpQUlAp_9vf9JPkIUJcJsRVkUzQD1vQ>, and/or delete it from this page <https://www.google.com/appserve/mkt/p/AD-FnExZvcjiEOhOHEOFpDPi69iRDOofCAle= GNy1gWmW21y9K1qPojjyMlE_6WIUD_BcsynS4qgw2XsZu4Sv31tFy1HNkg> . What do I need to do? To avoid disruption, follow the instructions for configuring and building Chromium derivatives in the Chromium Wiki (link provided above). Possible ways to implement this are: - Removing *google_default_client_id* and *google_default_client_secret* from your build configuration. - Passing the *--allow-browser-signin=3Dfalse* flag at startup. Your projects that may be affected by this change are listed below: - Chromium - FreeBSD (api-project-996322985003) <https://www.google.com/appserve/mkt/p/AD-FnEzvY6XtcCcxBmSQ1hwzcYo6lSp49= G8pYtjUi9U_zcAysj_n-Hg23mK6vPLOSdTYPgr1e7-wEWYiL0Zm34mqXbkmgWq-xLpVDExRvgEM= nLZTaPYOay3k7O7AKraA2e7xRYHIjAvRbYu8yMk> If you have any questions or require assistance, please *contact embedder-dev@chromium.org <embedder-dev@chromium.org>*. Sincerely, The Google Chrome Team Was this information helpful? YES <https://www.google.com/appserve/mkt/p/AD-FnExIgGPyOkHg5s4z83RTt2TzIlmlu6Nj= Spj0Gs_VSJWPxq7w-NbKzM8tpxNFzo_FCX7SBCw-SAU0v1Ye_8SSt6SzgATV9ynV8OSZoHqmWIq= 1EXAqFx52F5V5bHCK2JMoIMz7uanaTCAAlsJka_5gpR0Te5qw6oG0QghI9lQNIf1V7EXzNeCSq1= WlgqH_3yc> NO <https://www.google.com/appserve/mkt/p/AD-FnEz55TaUxN3pMCdjvIYWDCAO-snyGda_= Nel54OthjFljqnLEX3eZZzfYexGCjZrHo-pivIRkyS3owQHAEdWJgZhsINnqlraNAoklCKp-iTg= m8IeCe9GaZfyfIffMsojBta8lJqbO4r_W2DVdcfaoGr0s2y9q3aP3GEZvmZHtex9LkV1Vy1XRLO= lm-WvJMg> =C2=A9 2021 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 You have received this mandatory service announcement to update you about important changes to Google services you use.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADL2u4ipGvs2rY_DFnA48F9qkHz_64v2o1pjK2ZaqonLQEYqJw>