AAPL Stock: 117.81 ( -0.22 )

Printed from

Eavesdropping exploit for Chrome leaked after Google inaction

updated 05:12 pm EST, Thu January 23, 2014

Vulnerability allowed websites to secretly record from a microphone

A security vulnerability in the Chrome browser that allowed malicious websites to secretly record audio through a microphone connected to the computer has been revealed. The exploit, which has been revealed following an apparent lack of progress by Google to implement a patch, could have allowed for the private conversations of nearby individuals to be eavesdropped upon, a developer claims

The flaw, discovered by Tal Ater, allowed sites to record through Chrome's speech recognition system, one employed by Google's desktop voice search extension, without informing the user. While this sounds as if it threatens a user's privacy, the exploit required users to give permission to a site to listen in the first place, though it could still listen in at a later time, when the user was unaware of its recording. "When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window," advised Ater.

The exploit was revealed to Google's security team privately on September 13th, with suggested fixes identified on September 19th, and a patch created on September 24th. Despite the patch existing, Google is apparently waiting for its web standards group to agree on the patch's release. This delay forced Ater to publish the code for the vulnerability through a website for all to see.

Speaking to The Register, a spokesperson for Google commented "The security of our users is a top priority, and this feature was designed with security and privacy in mind." The spokesperson goes on to claim that the feature "is in compliance with the current W3C specification, and we continue to work on improvements." Earlier this month, Google added a number of new icons for tabs in Chrome, warning if a tab is playing audio, recording, or casting the tab to a Chromecast device.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented