Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Chrome Google Security

Chrome Bugs Lets Sites Listen To Your Private Conversations 109

Posted by Soulskill from the just-what-i-want-from-my-browser dept.
An anonymous reader writes "Last year Google rolled out a new feature for the desktop version of Chrome that enabled support for voice recognition directly into the browser. In September, a developer named Tal Ater found a bug that would allow a malicious site to record through your microphone even after you'd told it to stop. Quoting: 'When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can't start listening to you in background windows that are hidden to you. When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn't even know was there.' Ater reported this to Google in September, and they had a fix ready a few days later. But they haven't rolled it out yet — they can't decide whether or not it's the proper way to block this behavior. Thus: the exploit remains. Ater has published the source code for the exploit to encourage Google to fix it."
This discussion has been archived. No new comments can be posted.

Chrome Bugs Lets Sites Listen To Your Private Conversations More

Chrome Bugs Lets Sites Listen To Your Private Conversations

Comments Filter:

  • Re:surprise! (Score:2, Informative)

    by zacherynuk ( 2782105 ) on Wednesday January 22, 2014 @07:34PM (#46041177)
    I thought this was a good one: "Xbox One Signout" "Xbox One Signout" [youtube.com]

  • Re:2014 (Score:4, Informative)

    by ackthpt ( 218170 ) on Wednesday January 22, 2014 @07:37PM (#46041207) Homepage Journal

    I don't quite understand why auto popups like Livejasmin or 888casino can be allowed to popunder (I find them on client machines all the time) but when ever I ask one of my firewall to display me a log, update firmware or whatever (sophos & pfsense) the browser blocks it. I 'king clicked a button and the browser blocks it. Users do apparently 'nothing' and gambling and porn appear.

    That said, uninstalling Chrome Browser and returning to firefox has been a great release.

    I've had to return to Firefox just to get away from recent bugs in Chrome. Chrome as a pretty good browser in its time, but it's heading towards the shark on greased water skis.

  • Re:Bugs in Chrome?!? (Score:4, Informative)

    by Bengie ( 1121981 ) on Wednesday January 22, 2014 @07:49PM (#46041303)
    Chrome had a bug, stop the presses!

  • Re:Hardware/OS level indicator (Score:5, Informative)

    by vux984 ( 928602 ) on Wednesday January 22, 2014 @09:19PM (#46042087)

    The built-in camera on my Macbook turns on a hardware light whenever it's being used.

    That is an assumption.

    Mac's are now shipping with the camera power led on a separate software controlled circuit so its no longer the case that the light must be on for the camera to be on (or vice versa).

    Complete failure of secure hardware design. Way to go Apple.

Slashdot Top Deals

If all else fails, lower your standards.

Close