You’ve already got some answers, but the recent drama is specifically about a Chromium-centered API, called Web Environment Integrity.
It has been found on a Google engineer’s Github account, and iirc it’s being tested on Chrome.
It’s basically web DRM.
The idea is that the API allows websites to require browsers to guarantee they are unmodified through a “third-party” attester, like Google SafetyNet (or whatever the fuck it got rebranded as) does.
Imagine if you were trying to access a mobile-only website on your PC, by changing your HTTP user agent string;
the website would refuse to serve you the page, and tell you “I don’t trust you, are you really a Google Pixel?”.
A real Pixel’s browser would ask Google Play to vouch for it, and the website would trust Google Play (due to cryptographic shenanigans and whatnot); your browser, however, would not have an attester that:
is (claiming to be) universally accepted as trustworthy;
answers “yes, I’m a Google Pixel” on a PC;
has the necessary cryptographic secrets to work.
That doesn’t sound too bad.
But, what if the attester can check your browser’s extensions, and tell the website that you’re running an adblocker (which is WEI’s explicit goal)?
What if it also checks your system’s running processes or applications?
What if you ran a debloater script for Windows, and the attester decided that a lack of ads in the start menu was sus?
What if it detected VPN usage? I know some governments that wouldn’t like that, I bet they would like it if VPN users would be denied access to half the web…