Exploit for Google’s Chrome browser can secretly listen to oblivious users

“Google has been pushing hard to incorporate speech recognition features into Web apps,” Jared Newman reports for PCWorld. “But a Chrome exploit that can secretly transcribe your conversations unless you’re paying attention probably wasn’t what the company had in mind.”

“Whenever a website wants to access your microphone, Chrome requires permission,” Newman reports. “A dialog appears at the top of the browser window, and after you give your OK, an icon appears in the tab area, letting you know the microphone is in use. Close the tab or visit another site, and microphone access is supposed to get cut off.”

Newman reports, “But as Web developer Tal Ater discovered, malicious sites can use pop-under windows to keep listening even after the user has gone to another site or closed the main browser window.”

Read more in the full article here.

Related articles:
Why does Google’s Chrome browser ask for your Mac Keychain password? – January 19, 2014
Leaving Google’s Chrome: Why I’ve returned to Apple’s Safari – November 21, 2013
Google has a major security flaw in Chrome browser; accessing passwords is surprisingly easy – August 7, 2013

39 Comments

        1. Probably, depending on your definitions.
          Like the 1.0 terrorist nations, those are the ones wearing turbans right?
          Then the 2.0 they are the ones not wearing turbans right?

          1. Just FYI – the people who wear turbans are Sikhs, whose religion demands that they defend the innocent with everything they have, up to and including their lives, and that they always be armed in order to do so. Since they are semites, like most people in the Middle East, they are often confused with radical Islamists, but they are NOTHING like them.

            If you see two people with head coverings, and you’re trying to escape from danger, I can flat guarantee that the one with a turban is the one you want to run toward. Unless the other one wears the helmet of a US serviceman, in which case it’s a toss-up.

            1. Thanks for your post emmayche, and your point is well taken. I was referring to the radicals (or any organized group) and certainly not the Sikhs, who from my experience are as you have described them.

              I have my own unique ways of avoiding danger but I would try to assist anyone head gear or not to escape it as well.

              I enjoyed the humor of your post, thanks.

    1. Gcrookle loves it even more, they can collect valuable data with which to sell more ads to advertisers to target you with.
      Who is surprised or even outraged by this revelation?

    2. Right Fwhatever, because we all know that President Obama single-handedly created the NSA in 2009 along with all of the legislation and appropriations that gave it extraordinary powers and the resources to execute them. (Colbert-type sarcasm, just in case you don’t recognize it)

      Your dislike of the current Administration has skewed your viewpoint so much that your opinions are worthless.

          1. Your point is sinking in!

            And of course the version of terrorists who hate the USA celebrate every time they hear about a new way in which my country is ruining itself. Wreck the Fourth Amendment? BRAVO. Wreck the First Amendment? LET’S PARTY. Ad nauseam. Who’s ACTUALLY winning in this so called ‘War On Terror’?

            Q: What’s the point of saving the USA if the USA is RUINED in the process?

            It’s going to come down the that question. #MyStupidGovernment, clueless from the left, clueless from the right. 😯

            1. I figured it would be after a while. I think you understand that it is not a point of blame, rather a call to action on what was once in my regards the world’s greatest country. It’s not up to me, it’s not up to the government, it’s up to the good people of America to defend and make those values they hold dear stick.

              At first it was the “War on Terrorism” but now, very sadly so I see it more being the “War of Terrorist”. You can toss the arguments around but that Iraqi invasion, the descent into torture, it’s not the makings of a civilized nation.

              The good people of America need to do something about it if it is going to be changed, because the government is now the issue. If it takes a civil war between your repubican and demoncrats so be it but united you stand strong. This polarization weakens you and brings the shadowy presence into action.

              Good luck, and keep up your posts, they are great.

            2. Your level-headed statement tells me that you are far from being a zealot, in that you can perceive the bits of justice in a fellow’s passionate outpourings, and encourage them, rather than take him to task on every point in futile partisan bickering.

              The grave problems we all face won’t be solved by a platform or a brand — that’s a form of magical thinking. We must find a way to leash our maniacal pride, if we are to work together against the onslaught.

            3. Your post is very heartfelt hannahjs, thank you so much for making it. I am aware that it’s not necessarily important where someone (or a group) is but where they can be. I still feel that the future is bright for humanity, once it can get beyond these global growing pains.

            4. “It’s not the makings of a civilized nation.”

              I agree. It better fits a desperate nation. Also, much of the invention of the invasion of Iraq (and therefore 9-11) was created in Israel and dictated to the Neo-Conservatives, who then made it into their manifesto. I can comprehend why. But it’s all very sick stuff.

              Then there’s the ‘Starve The Beast’ garbage made up by the Neo-Conservatives. (I won’t elaborate on it here as I’m sick of having to constantly do so). Then we have the idiotic Democrats messing up their chance for a great healthcare law, selling out to the related arm of the Corporate Oligarchy. Blahblahblah. The integrity from top to bottom is corrupted. All I can really do is watch. But I talk about it anyway.

            5. Great post Derek, thank you. I think a desperate nation, a nation in pain, a nation that has lost its way can apply. That is why it is so important to stand up for the values that do make a civilized entity when they are being corrupted and eroded.
              As always a pleasure to read this and your other posts. Be well and thanks you and hannahjs have but a smile on my face and fueled the hope in my heart.

        1. As with any organistion, it takes time to get up and running. So, with approvals commencing in 2009 they are probably just getting into their stride by now. But the failure – if that is what it is – happened when approvals didnt come with an adequate governance process. No one in the organisation is going to highlight the unintended or intentional freedoms that came with the original approvals. Until that is someone spilled the beans last year.

    1. Australis, I suspect, will be crypto or not-so-crypto Chrome, since Google bankrolls both.

      With every iteration, Firefox becomes more and more difficult to keep the “do no evil” NSA Lite’s hands off.

      With Australis, all Firefox’s extensions, including those that bolster privacy, will break, and, I suspect, so will the about:config controls.

  1. Déjà Vu All Over Again.

    Does this remind anyone else of Microsoft? Shove software out the door that hasn’t been properly secured? Exploit magnetware? User beware? 👿

    Are we going to end up encouraging everyone to be ‘Google-Free’ for the sake of their safety and sanity? I’m starting to think so. I know some people here already are.

  2. Easy fix just remove the ability to create pop under windows from the program. Unfortunately the company I work for went gmail for corporate use a few years ago and Crome is how we have to access it.

    1. Easier fix – Say no to Google. Sorry to hear that your company is in bed with the devil. 🙁

      (But really, gmail for corporate use? That’s insane. My corporation of 5 has our own domain name and email addresses. Gmail is so unprofessional.)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.