Web developers can exploit bugs in Google’s Chrome browser to listen through a computer’s microphone — even if the browser window is not open, according to a developer who publicly reported the vulnerability Wednesday.
The developer, Tal Ater, works at a tech start-up in Tel Aviv and also created a popular library for adding voice recognition to websites. While working on these tools, he found several bugs that together could be exploited to listen to people’s conversations near a computer surreptitiously.
“What you see here essentially turns Google Chrome into an espionage tool that compromises your privacy in your office or your home, even when you’re not using your computer,” according to a video demonstrating the technique on Mr. Ater’s site.
Chrome users can ensure that malicious sites do not have access to their microphones by refusing to grant them access, which sites must request. They can see which sites they have given permission in a six-step process. (Click the Chrome menu; click “settings”; click “show advanced settings”; click “content settings” under “privacy”; click “manage exceptions” under “media”; view the list and rescind permission if desired.)
In a statement, Google said, “The security of our users is a top priority, and this feature was designed with security and privacy in mind.”
The company added that a Chrome user must first turn on speech recognition by clicking a button, allowing a website to have access to the computer’s microphone, and that the feature was in compliance with web standards. Also, some sites request permission to get access each time the site is opened.
SOURCE: CLAIRE CAIN MILLER
New York Times: Bits