Google serves web pages and adds rate limits to keep people from taking their servers down (or, at least, from making them use way more servers than normal, which would make providing the services too expensive, which would force them to take the servers down). If their servers go down, then users can no longer use their web pages properly. But, here we see the rate limiting is itself keeping users from using web pages properly. So the rate limiting is effectively disabling services even though the whole point of the rate limit is to protect them!
I wonder if there are other feedback loops in Chrome where, in order to be able to keep serving web pages, Google could sometimes accidentally prevent Chrome users from viewing web pages?
The API key built into Chrome isn't exactly super secure - anyone can reverse engineer the binary to extract it.
One might imagine that an evil user has done exactly that, and started sending billions of requests to the API, exhausting the quota.
It is better to have the quota exhaust, effectively blocking all Chrome users, than have the service fail due to overload which would block all users (for example, maps.google.com, and iOS and Android)
The long term fix is probably to issue temporary per-user keys to each signed in user, so that anyone who misuses the key will only block themselves. Since Chrome allows non-signed in users, there will be considerable complexity and difficulty with that approach.
This is not a feedback loop, nor is it representative of any kind of systemic failure. The geocoding API is an external dependency, and in implementing their integration of this dependency, the Chromium developers failed to respect the contract of the dependency, specifically to secure a sufficiently large quota, and this resulted in a bug.
This is amusing and all because it comes from the same company, but Google is a huge company, and it's unlikely that the Chromium team's relationship with the geolocation API team is that much different than any other enterprise customers'.
Comment 9 by scheib@chromium.org, Today (33 minutes ago)
Status: Started
Thank you for reporting. We have adjusted API limits that should ease this immediately. Our monitoring is clearly not sufficient and we will follow up with process improvements to avoid this recurring.
The most secure approach is to get a premium plan with a cryptographic key and sign your requests serverside. This is complicated/not feasible for some APIs and client-side applications though.
Disclaimer: Googler, used to work on Google Maps, nothing to do with Chrome.
That still doesn't really protect the underlying API from abuse because the intermediate server could be abused by someone who stole that intermediate server's API Key from the app. The benefit is that folks wouldn't have full access to the underlying API, but it may be enough depending on the evil doers purposes.
i don't understand what do you mean. how can i do that?
f.e. how would i do that with AWS API?
the thing with chromium is: it is open source (you can find the credentials), it is meant to be used on any computer via any IP (you can't whitelist API requests)
>the thing with chromium is: it is open source (you can find the credentials)
No, you have to get your own API keys via Google Cloud API Manager before building chromium. That's the reason why Chromium on Windows doesn't let you log in.
I presume Chromium on linux distros will use an API key of the package maintainer.
Also, in most closed source binaries (which chrome is a part because it has binary blobs not present in Chromium - see Google Cast, etc) you will have to sign a EULA where you agree to no disassemble and use that API key, so doing so is illegal too.
Chromium != chrome. It doesn’t add much security, but I bet the API keys are added as part of whatever process google uses to build chrome from the chromium source
I'm almost sure this also happens with the translation API. Some days when I try to translate websites I get 403 errors and I have to wait for some time until I can use the feature again.
I think it might be relevant, this seems to indicate that google is hardcoding their API keys in the shipped chrome binaries. These exceeded, and broke functionality in the app. This seems like a bad security practice and it is very relevant to call it out here.
You can use Mozilla's free geolocation service based on crowd-sourced location data for hundreds of millions of Wi-Fi access points, cell towers, and Bluetooth beacons. The website has a zoomable world map of network location coverage:
