Tweet
Posted by Timothy Weaver
Israeli developer Tal Ater wrote in a blog post on Wednesday that a design flaw in the Chrome browser allows malicious websites to use your computer's microphone to eavesdrop on you.
Google denies this is the case.
"When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden pop-under window," Ater wrote. "This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn't even know was there."
Chrome remembers that you gave a site permission to use the microphone and will maintain that permission between browser sessions without asking for permission again.
Contrary to Google's online documentation, no persistent icon appeared in the system trays of our Windows machines while Chrome was listening.
To make sure that this is not happening to you, choose Settings, click "Show advanced settings...", click Content Settings, then scroll down and select "Do not allow sites to access my camera and microphone."
Israeli developer Tal Ater wrote in a blog post on Wednesday that a design flaw in the Chrome browser allows malicious websites to use your computer's microphone to eavesdrop on you.
Google denies this is the case.
"When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden pop-under window," Ater wrote. "This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn't even know was there."
Chrome remembers that you gave a site permission to use the microphone and will maintain that permission between browser sessions without asking for permission again.
Contrary to Google's online documentation, no persistent icon appeared in the system trays of our Windows machines while Chrome was listening.
To make sure that this is not happening to you, choose Settings, click "Show advanced settings...", click Content Settings, then scroll down and select "Do not allow sites to access my camera and microphone."