The original post: /r/privacy by /u/JonnyOuttaDaWoodwork on 2025-07-23 21:24:26.

Certified Information Privacy Manager & tech product manager here.

After installing the latest Windows update on my personal computer (Build 26100.4652 + Experience Pack 1000.26100.128.0), I noticed Chrome prompting me about a new extension: Microsoft Power Automate. I never installed this. It was quietly added by a Microsoft process outside the Chrome Web Store—no consent, no opt-in, just injected with system update.

While Chrome did flag it (“Another program on your computer added an extension…”), the warning is easy to miss or misunderstand—especially by casual users who trust anything from Microsoft. Clicking the already highlighted for you button to Enable, you grant it:

• Access to the page debugger backend
• Permission to read and change data on all websites
• Ability to communicate with native applications

This was added through system-level policies or installers—a serious overreach that affects every Chrome profile.

This isn’t just an annoyance. It’s a violation of software boundaries:

• Microsoft is modifying a competing browser’s behavior via the OS update mechanism.
• The extension has sweeping permissions.
• There’s no meaningful consent process.
• Many users will click “Enable” without realizing the implications.

Has anyone else experienced this?

Why is this allowed?

Why hasn’t Google responded publicly?

What happens if this becomes the norm for system updates?