Printed from http://www.electronista.com

Eavesdropping exploit for Chrome leaked after Google inaction

updated 05:12 pm EST, Thu January 23, 2014

Vulnerability allowed websites to secretly record from a microphone

A security vulnerability in the Chrome browser that allowed malicious websites to secretly record audio through a microphone connected to the computer has been revealed. The exploit, which has been revealed following an apparent lack of progress by Google to implement a patch, could have allowed for the private conversations of nearby individuals to be eavesdropped upon, a developer claims

The flaw, discovered by Tal Ater, allowed sites to record through Chrome's speech recognition system, one employed by Google's desktop voice search extension, without informing the user. While this sounds as if it threatens a user's privacy, the exploit required users to give permission to a site to listen in the first place, though it could still listen in at a later time, when the user was unaware of its recording. "When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window," advised Ater.



The exploit was revealed to Google's security team privately on September 13th, with suggested fixes identified on September 19th, and a patch created on September 24th. Despite the patch existing, Google is apparently waiting for its web standards group to agree on the patch's release. This delay forced Ater to publish the code for the vulnerability through a website for all to see.

Speaking to The Register, a spokesperson for Google commented "The security of our users is a top priority, and this feature was designed with security and privacy in mind." The spokesperson goes on to claim that the feature "is in compliance with the current W3C specification, and we continue to work on improvements." Earlier this month, Google added a number of new icons for tabs in Chrome, warning if a tab is playing audio, recording, or casting the tab to a Chromecast device.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Asus Chromebook C300

When Chromebooks hit the market back in 2011, consumers didn't know what to do with them. The low-cost laptops, powered by Google's Ch ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

Sponsor

toggle

Most Commented

 
toggle

Popular News