Skip to main content
  1. Home
  2. Computing
  3. Web
  4. Legacy Archives

Chrome browser bug can let malicious sites eavesdrop

Add as a preferred source on Google

If you’re the kind of PC user who covers your machine’s camera for fear of someone hacking into your computer and spying on you, you might want to stick something in the tiny mic hole as well – especially if Chrome is your browser of choice.

A NY Times report Wednesday revealed that a web developer has found a way to listen through a computer’s mic – even when the user thinks it’s off – by exploiting a vulnerability in Google’s browser.

Recommended Videos

The security flaw was uncovered by Tel Aviv-based developer Tal Ater while working on a tool that adds voice recognition functionality to websites.

In a blog post titled ‘Chrome bug allows sites to listen to your private conversations’, Aviv explains how malicious websites can gain access to your mic and listen in on private conversations within earshot of your machine, “even after you’ve left those sites….as long as Chrome is still running.”

In normal circumstances when using Chrome, a red marker appears on a tab when you give a website access to your mic. However, Ater’s discovery shows that even when you think you’ve turned the mic off and the red indicator disappears, or you close the tab, a pop-under window that appeared when you granted the site access ensures that the mic remains active, capturing nearby audio for as long as the browser stays open.

According to a video (below) on Ater’s site, the mic can also be “programmed to stay dormant and only start recording once you’ve said certain interesting keywords” – functionality that may well have NSA agents choking on their coffee in excitement when they find out.

The Web developer explained on his site that he reported the bug to Google’s security team in September, after which they quickly acknowledged the issue. However, four months on, a fix still hasn’t been released.

An unnamed source told the NY Times the Web giant decided not to issue a fix because “the voice recognition tool complies with Web standards,” and instead the company is “working on better visual clues to show that access to the microphone has been given.”

Although Ater says he has no knowledge of any hackers having taken advantage of the flaw, the general message here is for Web users to be sure that any site asking to access a machine’s mic is legitimate.

With voice recognition software expected to gain much wider use in the coming years, Internet giants like Google and Apple will be keen to eliminate these kinds of issues in an effort to allay privacy concerns over such matters.

If you’re a Chrome user and you’d like to check which sites currently have access to your machine’s mic, take the following steps:

– Click on the Chrome menu at the top right of your browser

– Click on Settings

– Click on Show advanced settings at the bottom

– Click on Content settings under Privacy

– Click on Manage exceptions under Media (you’ll need to scroll down a little way for this)

– If you’ve granted access to any sites in the past, they’ll show up here.

[Image: dencg / Shutterstock]

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more