Printed from http://www.electronista.com

Eavesdropping exploit for Chrome leaked after Google inaction

updated 05:12 pm EST, Thu January 23, 2014

Vulnerability allowed websites to secretly record from a microphone

A security vulnerability in the Chrome browser that allowed malicious websites to secretly record audio through a microphone connected to the computer has been revealed. The exploit, published following an apparent lack of progress by Google in implementing a patch, could have allowed the private conversations of nearby individuals to be eavesdropped upon, a developer claims.

The flaw, discovered by Tal Ater, allowed sites to record through Chrome's speech recognition system, one employed by Google's desktop voice search extension, without informing the user. While this sounds as if it threatens a user's privacy, the exploit required users to give permission to a site to listen in the first place, though it could still listen in at a later time, when the user was unaware of its recording. "When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window," advised Ater.



The exploit was revealed to Google's security team privately on September 13th, with suggested fixes identified on September 19th, and a patch created on September 24th. Despite the patch existing, Google is apparently waiting for its web standards group to agree on the patch's release. This delay forced Ater to publish the code for the vulnerability through a website for all to see.

Speaking to The Register, a spokesperson for Google commented, "The security of our users is a top priority, and this feature was designed with security and privacy in mind." The spokesperson went on to claim that the feature "is in compliance with the current W3C specification, and we continue to work on improvements." Earlier this month, Google added a number of new icons for tabs in Chrome, warning if a tab is playing audio, recording, or casting the tab to a Chromecast device.



By Electronista Staff