Chrome bug allows sites to listen to your offline conversations

A bug in Chrome allows hackers to listen to and record private conversations even after you close the tab.

By Silky Malhotra | Published Date: 22 - Jan - 2014 | Last Updated: 22 - Jan - 2014

A new bug in Google Chrome allows malicious sites to activate your microphone and listen in on anything said around your computer, even after you’ve closed those tabs.

The bug works even if you are not using your computer but take phone calls or have conversations near your laptop. A malicious site can turn Google Chrome into a listening device and record and compromise conversations in your home or office as long as Chrome is running.

The core of the problem is Chrome's microphone permissions policy. Once the user has given an HTTPS-enabled site permission to use the microphone in Chrome, every feature on the site has complete permission. Chrome does not give any visual indication that Speech Recognition is turned on, which allows it to go undetected. The only solution to the problem is for the user to manually revoke the microphone permission.

The bug was first reported in September by developer Tal Ater and nominated for Chromium’s Reward Panel. Google's engineers were able to isolate the problem, but even after 4 months the solution has not reached desktop users.

With Google, Apple and other internet giants working on improving voice search, this could pose a serious problem. As such apps become more common, the privacy problem would only grow with them. Ater says that's what makes the bug so serious. "Authorizing a site to use speech recognition will soon be as common as talking to Siri," he said.

A Google spokesperson said, "we’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements."

Google recently removed two Chrome extensions that were forcing users to watch pop-up ads. The internet giant removed "Add to Feedly" and "Tweet This Page" after receiving numerous complaints from users about the ads. Google stated that the extensions violated the company's Terms of Service.

Source: Tal Ater, TheVerge