Chrome bug allows malicious websites to spy on you

google-listening

Chrome is one of the safest browsers out there, but every product has its defects. Google’s browser is not immune to bugs and oversights. The latest bug discovery is proof of this, and it can prove to be dangerous if action is not taken quickly. The discovered bug allows websites to listen via microphone, without the user’s knowledge.

What is the problem?

The issue was discovered by developer Tal Ater, who was nominated to receive a Chromium reward for it back in September. The problem lies within the microphone permission settings, which would allow websites to listen to you by opening a pop-up window in the background. These website can then record all your conversations and sounds.

After giving a website permission to use your microphone, the same site can then keep using it under any instance. Here is a demonstration from the developer who discovered this bug:

The problem has been officially addressed by Google. The Search Giant is working on a fix, but so far it hasn’t delivered a direct solution to users’ browsers. Google seems to believe the issue is not very pressing, as the user does need to give the website permission to use the microphone.

The team is figuring things out with the Standards group, but it has been over four months and users’ privacy is still threatened.

Speech recognition and its place in tech

Speech recognition is a very important part in the future of tech. Services like Google Now, Siri and even Google’s conversational search prove that voice interactions are the future of tech.

Google is making it all safer with the latest updates, which help us recognize which tabs are listening to us, but as we move forward we need to make sure such technology is safe. I use voice recognition with multiple devices, daily. I certainly wouldn’t want apps and websites listening to me when I am not aware of it. Would you?

Screen Shot 2013-11-11 at 2.41.10 PM

[Tal Ater]



  • Steve

    Google Chrome only allows “remembering” of permissions on HTTPS sites.