Chrome browser bug can let malicious sites eavesdrop

chrome browser bug can let malicious sites eavesdrop microphone

If you’re the kind of PC user who covers your machine’s camera for fear of someone hacking into your computer and spying on you, you might want to stick something in the tiny mic hole as well – especially if Chrome is your browser of choice.

A NY Times report Wednesday revealed that a web developer has found a way to listen through a computer’s mic – even when the user thinks it’s off – by exploiting a vulnerability in Google’s browser.

The security flaw was uncovered by Tel Aviv-based developer Tal Ater while working on a tool that adds voice recognition functionality to websites.

In a blog post titled ‘Chrome bug allows sites to listen to your private conversations’, Aviv explains how malicious websites can gain access to your mic and listen in on private conversations within earshot of your machine, “even after you’ve left those sites….as long as Chrome is still running.”

In normal circumstances when using Chrome, a red marker appears on a tab when you give a website access to your mic. However, Ater’s discovery shows that even when you think you’ve turned the mic off and the red indicator disappears, or you close the tab, a pop-under window that appeared when you granted the site access ensures that the mic remains active, capturing nearby audio for as long as the browser stays open.

According to a video (below) on Ater’s site, the mic can also be “programmed to stay dormant and only start recording once you’ve said certain interesting keywords” – functionality that may well have NSA agents choking on their coffee in excitement when they find out.

The Web developer explained on his site that he reported the bug to Google’s security team in September, after which they quickly acknowledged the issue. However, four months on, a fix still hasn’t been released.

An unnamed source told the NY Times the Web giant decided not to issue a fix because “the voice recognition tool complies with Web standards,” and instead the company is “working on better visual clues to show that access to the microphone has been given.”

Although Ater says he has no knowledge of any hackers having taken advantage of the flaw, the general message here is for Web users to be sure that any site asking to access a machine’s mic is legitimate.

With voice recognition software expected to gain much wider use in the coming years, Internet giants like Google and Apple will be keen to eliminate these kinds of issues in an effort to allay privacy concerns over such matters.

If you’re a Chrome user and you’d like to check which sites currently have access to your machine’s mic, take the following steps:

– Click on the Chrome menu at the top right of your browser

– Click on Settings

– Click on Show advanced settings at the bottom

– Click on Content settings under Privacy

– Click on Manage exceptions under Media (you’ll need to scroll down a little way for this)

– If you’ve granted access to any sites in the past, they’ll show up here.

[Image: dencg / Shutterstock]

Smart Home

Facebook Portal and Portal+ video-calling devices gain new content and features

Facebook's Portal devices are video smart speakers with Alexa voice assistants built in that allow you to make calls. The 15-inch Portal+ model features a pivoting camera that follows you around the room as you speak.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…

Microsoft’s Windows 95 throwback was just an ugly sweater giveaway

Microsoft's "softwear" announcement wasn't what we had hoped for. Thursday's announcement was not the new line of wearable tech or SkiFree monster sweater we wished for. But it did deliver the 90s nostalgia we wanted.
Home Theater

Confused about LED vs. LCD TVs? Here's everything you need to know

Our LED vs. LCD TV buying guide explains why these two common types of displays are fundamentally connected, how they differ, what to look for in buying an LED TV, and what's on the horizon for TVs.

Canada’s winters inspired a startup to warm homes with cryptomining heat waste

Cryptomining may be the key to untold riches and the future of currency, but it’s also an environmental nightmare. Heatmine, thinks it has the answer, but it could mean bolting a mining rig onto every home and business in the country.

The best MacBook deals for December 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.

How to connect AirPods to your MacBook

If you have new AirPods, you may be looking forward to pairing them with your MacBook. Our guide will show you exactly how to connect AirPods to MacBook, what to do if they are already paired with a device, and more.

Hitting ‘Check for updates’ in Windows 10 opts you into beta releases

Users who are careful about keeping their system updated should watch out -- Microsoft revealed this week that clicking the Check for updates button in Windows can opt you in to testing beta code.
Product Review

The Asus ZenBook 14 is a tiny notebook that gets lost in the crowd

The ZenBook 14 aims to be the smallest 14-inch notebook around, and it succeeds thanks to some tiny bezels. Performance and battery life are good, but the notebook lacks a standout feature other than size.

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.

Which Macs are compatible with MacOS Mojave?

Is your computer ready for Apple's big Mojave update? Here's what you need to know about MacOS Mojave compatibility, what Macs can successful download Mojave, and the requirements you need to know about.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Booze-filled ski poles and crypto piggy banks

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!