cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
conductorwho
Former Member
Report Inappropriate Content
Message 1 of 2

Chrome Microphone Vulnerability

Was browsing youtube today, and stumbled upon this--

http://mcaf.ee/3evtn

Description "By exploiting bugs in Google Chrome, malicious sites can activate your microphone, and listen in on anything said around your computer, even after you've left those sites. Even when not using your computer - conversations, meetings and phone calls next to your computer may be recorded and compromised."

The user also links to the website talater (dot) com/chrome-is-listening/, which is a demonstration of the vulnerability. That being said, do SiteAdvisor reviewers consider the use (or exploitation) of an end-user's microphone as a criteria in how sites are evaluated?

Message was edited by: conductorwho on 1/27/14 1:39:40 AM CST

Message was edited by: conductorwho on 1/27/14 1:43:20 AM CST
1 Reply
Hayton
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Chrome Microphone Vulnerability

You're referring to the claim by Israeli security researcher web developer Tal Ater that there is a "bug" in Google Chrome that allows a website to open a pop-under window that remains active even after you leave the website and which can activate a system's microphone, thus enabling the site to eavesdrop on you.

First, this is a proof-of-concept at the moment. I don't know of any reports that websites are doing this. The NSA, well, of course. What else do you expect from them ...

Google say this is not a bug but a feature : you have to enable the voice control feature for each website where it is to be used. If that website engages in shady practices by creating an invisible or pop-under window in order to continue to monitor conversations, that would be grounds for down-rating it in site reviews plus, very likely, grounds for legal action against the websiteowner (US only, I suspect). But you would probably have to be able to prove malicious intent rather than carelessness during the software creation process. I leave that discussion to others elsewhere to continue; it has no place here.

http://talater.com/chrome-is-listening/

http://gizmodo.com/google-chrome-has-a-bug-that-could-let-anyone-eavesdrop-1506483705

Update: A Google spokesperson has responded with the following comment:

The security of our users is a top priority, and this feature was designed with security and privacy in mind. We've re-investigated and this is not eligible for a reward, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C specification, and we continue to work on improvements.

Or in other words, it seems that voice recognition behavior is working as intended in the current stable build of Chrome as far as Google is concerned. But Google has modified pop-under behavior, and is looking alternative visual indicators for showing when a website is recording.

(my emphasis).

Message was edited by: Hayton on 27/01/14 16:57:59 GMT
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community