@simon I reckon it's used by reCaptcha and possibly Google sign in for detecting automated traffic, particularly as reCaptcha is loaded from google.com. I know lots of bot detection scripts query the chrome.runtime APIs but never understood why.