Published on April 11th, 2014 📆 | 2303 Views ⚑0
Chrome Bug Allow Websites to Eavesdrop on You
A new similar vulnerability in Google Chrome has been discovered by Israeli security researcher, Guy Aharonovsky, claimed that the Chrome’s speech-recognition API has a vulnerability that allows attackers to turn victim's machine into a listening port without asking for any permission, even if your microphone is completely disabled.
"Even blocking any access to the microphone under chrome://settings/content will not remedy this flaw." he said in a blog post.
“In Chrome all one need in order to access the user’s speech is to use this line of HTML5 code: <input -x-webkit-speech="" /> that’s all; there will be no fancy confirmation screens. When the user clicks on that little grey microphone he will be recorded. The user will see the ‘indication box’ telling him to “Speak now” but that can be pushed out of the screen and / or obfuscated.”
He has reported the flaw to Google via Chromium bug tracker. They confirmed the existence of the vulnerability, but assigned it 'low' severity level, that means Google will not offer any immediate fix for this flaw.