Developer Tal Ater has discovered a surprising bug in Google Chrome which could allow malicious sites to listen to you through your computer’s microphone. Once your microphone has been activated by a page, the bug means it could stay active even when you close it, as long as Chrome stays open.
Tal Ater reported this bug to Google’s security team in September 2013, but months later a fix is still in discussion, leaving users vulnerable to this microphone exploit.
For the bug to be exploited, a site has to ask you for permission to use your microphone. It could be voice search, or any other legitimate use for a microphone, and voice recognition is becoming more popular as the technolgy has improved.
Tal Ater has discovered that it’s possible for a site that has your permission to use the microphone to open a ‘pop-under’ window that you might not notice, when you close the page. This pop-under window would maintain the microphone permission you gave Chrome, but unlike a tab, you would not see the icon telling you your microphone is active.
Tal Ater uploaded a video to YouTube explaining the bug and how it could be exploited.
RELATED STORIES
- Android suffers 99% of all mobile malware attacks
- Google removes adware-serving chrome extensions from store
- Starbucks app vulnerable to hacking
[Source: Tal Ater]
