14 DAY TRIAL // The Plus One extension of the popular browser was discovered as sending HTTPS URLs to Google's servers, including those that might contain sensitive information.
Matt Mastracci found the bug which made sure even bank URLs which contained session query-strings ended up on the giant's servers.
Google already replied to the matter and promised to patch the issue by tomorrow when they release an update to stop the tracking process.
“Given that there's no current way for a webpage to identify itself as a 'bank-type' site versus a 'github-type' site, this is a reasonably good fix. I sincerely hope that in the future they'll add options to disable counts for 1) https: sites, and 2) all URLs, to avoid sending URL streams back to the server if you don't want to,” Mastracci said.