The exploit may allow sites to activate your microphone even after you have exited Chrome.
Google engineers have failed to release a patch to fix a four-month-old exploit which could allow malicious sites to hack users' microphones through Chrome's voice recognition app.
The company says it has had ongoing internal discussions but has failed to reach a decision to release the update.
According to Annyang programmer Tal Ater, who found the vulnerability four months ago, users' devices will become susceptible to hackers and spies.
“This may now be compromised by a new exploit which lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running.”
The exploit works after a user has given a website permission to access the microphone for voice recognition purposes. While Chrome indicates the use of the microphone, Ater says malicious sites can continue to listen even after the user has closed the browser. The speech recognition developer says HTTPS connections do not guarantee protection from these sites. Instead, Chrome will not ask users for microphone access permission again in the future, allowing the sites to continue to listen to your conversations.
Ater also warns that hidden banners and pop-up windows can act as voice recorders which will continue to spy on users even after the browser has been closed. He hopes the patch will make it necessary for sites to show a visual indication that Speech Recognition is turned on in such windows.
The dilemma comes only days after Chrome extensions were found to be serving rogue ads through malicious code. Users can report security vulnerabilities and bugs by following these steps.
Source: Talater.com