When I'm logged into Chrome (e.g. with my Gmail account) can websites view/obtain the email address associated with my Google/Chrome account? For example, as a means to "recognize" me?
Asked
Active
Viewed 1,014 times
2 Answers
2
No. Chrome doesn't disclose the email address associated with your Gmail account to websites without your consent. This would constitute an information leak vulnerability you could report to Google's VRP.
That said, they may be able to determine if you're logged, e.g. via timing attacks.
Even extensions need the chrome.identity API permissions to access your email address and other information about your account.
Arminius
- 43,922
- 13
- 140
- 136
0
No, as far as I know, they do not have access to your email address by default. The website needs to request permission to see it. This permission is given for example to use single-sign on.
That being said, I would not rely on it too much. It is OK for not revealing your email to websites that could spam your inbox but not really comforting enough to use when anonymity is required. Then again, you should not use Chrome when you need privacy.
PS: That being said, the current UI is terrible at explaining you are giving away your email address. It used to be you had to explicitly allow basic profile information. Now it seems you just need to use the single sign-on and the basic info is provided by default.
Peter Harmann
- 7,728
- 5
- 20
- 28