Friends, Chromium, Countrymen - Lend Me Your Ears

A recent article describes the rather "sneaky" download of a listening component on the open source version of the Chrome browser, Chromium:
Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised.
That's a no-no, but it opens up the whole convenience vs privacy aspect of those types of "listening" services, like Siri and the Google feature mentioned. Personally, I don't have Google set to listen on my phone and tablet; I have to swipe up, then say "okay Google" for it to listen for the next bit of speech.

At least that's what I hope it does. For all I know, it could be listening all the time. It's one thing to use Siri or Google Now or Xbox knowing what those features do, but quite another when it's done without one's knowledge, as in the Chromium example.

If that sounds paranoid, how about the new information that the NSA and British GCHQ have been actively hacking into security products in order to tack user activities?

*UPDATE* - Google to remove this