For info, the Fido U2F extension seems to work reliably in Chrome 39 (which it didn't, for me, in 3. It is still an extension though rather than built into the browser, and is marked as a developer extension. They have extended the list of permissions of the U2F extension to add "Access your Universal 2nd Factor devices", and it asks you when it's accessing the device to allow or block. The reference code (mainly in Java) is at: https://github.com/google/u2f-ref-code