Apple - Why does Chrome need access to Bluetooth?
Modern Web APIs allow web sites to run code that communicates with your Bluetooth devices using the Web Bluetooth API - after you have given permission in each specific instance.
This particular prompt gives Chrome access to Bluetooth, which is necessary for Chrome to be able to offer that functionality to web sites.
You can find some technical examples of Bluetooth usage made possible by the Web Bluetooth API here:
Web Bluetooth Samples
In regards to actual use, it could be useful for controlling almost any kind of Bluetooth-enabled device. Imagine for example a new smart home device that you could setup by visiting a web site - instead of having to install an app or similar. Other examples could be RFID scanners, receipt printers, busy-lights, and so on.
Here's a GitHub repository with code examples for various fun demos:
Web Bluetooth Demos
For example, it includes controlling racing cars, a toy plane, a receipt printer and an LED pixel display.
Chrome doesn’t need this access, but it wants it for sure or it wouldn’t have asked Apple SDK to grant access to the hardware.
https://support.apple.com/en-us/HT210578
Apple started warning people on iOS quite a while back since this access is elevated past what is needed for accessories like headphones to work.
Clearly some developers and people intercepting otherwise legitimate traffic have abused this access. Now that privacy warning is added to macOS.
This is part of Apple ensuring that developers have to ask us before they gather information from devices.
Google does make money selling targeted advertisements, so gathering this can enhance their services. You could have specific needs for Chrome to access bluetooth drivers directly, but since there are privacy implications granting Bluetooth access to any application Apple went to lengths to alert you before that happens.
Do some research if you’re not comfortable with yielding such localized information as 100 % of the Bluetooth beacons/devices/products in range of your computer to apps. This sort of collection is one very lucrative part of the industrial advertising complex to generate and sell location-specific data. Yes, most responsible companies then try to anonymize the data, but if you don’t collect it, it can’t be leaked or abused. Not all apps are selling this data, but some are.
To reiterate, you don’t ever need to grant this for mouse, audio, microphone access since apps can use proper API for those functions. This prompt grants full access to the entire Bluetooth stack to use Bluetooth radio data and scan your paired devices and location traffic.
I say no to these until it’s clear I need it for a specific task.
The official Google Support mentioned some of the Bluetooth usages on Chrome:
Connect a website to a Bluetooth or USB device
Chrome lets you connect a website to your Bluetooth and USB devices. For example, if you have a Bluetooth-enabled heart monitor, you can let a website connect to it. Then, the page can record and show information about the monitor.
jksoegaard's answer explains this in more detail.
Use your phone's built-in security key
You can use 2-Step Verification to help protect your account from hackers, even if they’ve stolen info like your password. You can set up your phone’s built-in security key to safely sign in on Chrome OS, iOS, macOS, and Windows 10 devices.
When a supported Android, iPhone, or iPad device is added as a security key, Chrome will prompt the user to turn on Bluetooth on both the host machine (e.g. macOS) and the phone when logging into your Google account.
Use your phone's built-in key to sign in to new devices
- Make sure Bluetooth is turned on for both devices.
- [...]
(emphasis added)