Printed from http://www.electronista.com

Eavesdropping exploit for Chrome leaked after Google inaction

updated 05:12 pm EST, Thu January 23, 2014

Vulnerability allowed websites to secretly record from a microphone

A security vulnerability in the Chrome browser that allowed malicious websites to secretly record audio through a microphone connected to the computer has been revealed. The exploit, which has been revealed following an apparent lack of progress by Google to implement a patch, could have allowed for the private conversations of nearby individuals to be eavesdropped upon, a developer claims

The flaw, discovered by Tal Ater, allowed sites to record through Chrome's speech recognition system, one employed by Google's desktop voice search extension, without informing the user. While this sounds as if it threatens a user's privacy, the exploit required users to give permission to a site to listen in the first place, though it could still listen in at a later time, when the user was unaware of its recording. "When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window," advised Ater.



The exploit was revealed to Google's security team privately on September 13th, with suggested fixes identified on September 19th, and a patch created on September 24th. Despite the patch existing, Google is apparently waiting for its web standards group to agree on the patch's release. This delay forced Ater to publish the code for the vulnerability through a website for all to see.

Speaking to The Register, a spokesperson for Google commented "The security of our users is a top priority, and this feature was designed with security and privacy in mind." The spokesperson goes on to claim that the feature "is in compliance with the current W3C specification, and we continue to work on improvements." Earlier this month, Google added a number of new icons for tabs in Chrome, warning if a tab is playing audio, recording, or casting the tab to a Chromecast device.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

SMS Audio Sync Sport on-ear headphones

When hitting the gym or going out for a trail run, headphones can cause a number of problems. From the ear buds getting slimy with swe ...

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Sponsor

toggle

Most Commented

 
toggle

Popular News