PoC to use the Chrome Prompt API on other people's machine

by psyonity·Jun 2, 2026·3 points·0 comments

AI Analysis

●● Solid · Bold Bet · Big Brain

Exposes silent 4GB model downloads via Chrome Prompt API before it ships widely.

Strengths
  • Demonstrates real attack vector with working PoC, not just theoretical concerns.
  • Highlights missing consent dialogs in a browser API rolling out to millions.
  • Inspired by prior security research, adds practical demonstration layer.
Weaknesses
  • Quick and dirty PoC without deeper exploitation chains or mitigation proposals.
  • Chrome-only demo limits broader browser security conversation.
Category
Target Audience

Web developers, security researchers, browser API users

Similar To

That Privacy Guy blog · Browser security research demos

Post Description

I've built a quick and dirty concept that shows the new built-in (since Chrome 148) Prompt API in action. It offloads the messages to random other people that are visiting the site.

Ever since I saw the Prompt API I thought this was a risk, considering there is no accept, agree or any dialog to download or use the API. It's inspired by the post from https://www.thatprivacyguy.com/blog/chrome-silent-nano-insta...
