Google has removed an extension from Chromium, the open source sibling to the Chrome browser, after accusations that the extension was installed surreptitiously and subsequently eavesdropped on Chromium users.
The issue first came to light in late May when a bug was filed in the Debian bug tracker. Chromium version 43 was seen downloading a binary extension from Google, and there was neither any ability to prevent this download, nor any source code available for the extension. The extension, called "Chrome Hotword," was found to be responsible for providing the browser's "OK, Google" functionality. Although off by default, both Chrome and Chromium, when set to use Google as their default search engine, can permanently listen to the microphone and respond instantly to voice queries, with "OK Google" used as the trigger keyword.
Concern about the nature and purpose of the extension was compounded by the way the browser did and didn't disclose the extension's existence. The list of extensions visible at chrome://extensions/
doesn't include Hotword. Conversely, Hotword's own status page, chrome://voicesearch/
said that by default the extension was enabled and had access to the microphone.