Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Tech Gear

Developer exposes Chrome exploit the NSA would die for

See also

If they haven't heard of this previously, or uncovered it themselves, you have to bet that the NSA is looking at this news story closely. On Wednesday, developer Tal Ater revealed an exploit for Google's Chrome browser that has to have the NSA salivating.

Essentially, miscreants can use your computer's microphone to listen in to your conversation. The problem is that once a website is given permission to use the device’s microphone in Chrome, it can continue to do so even after the original tab is closed.

The problem is Chrome remembers the permission state for an HTTPS-enabled website. So, a hacker, keeping in mind that fact, could open a pop-under window. Since the code is running in a different instance of the website than is in the foreground, none of Chrome's recording icons display.

Ater said he reported the issue to Google back in September of 2013. His bug was even was nominated for Chromium’s Reward Panel where prizes can rise to as much as $30,000. Less than two weeks after his bug report, company engineers said they had found the issue and fixed it. Why, then, is he posting about it? Because months later, they have not rolled the fix out to the wild.

When he asked why the fix hadn't been released, he was given a strange answer. The team said that there was still an ongoing discussion within the Standards group, to agree on the correct behavior, and that “Nothing is decided yet.”

When asked to comment by The Verge, a Google spokesperson said,

We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.

A video demo of the exploit is embedded.

Advertisement

Don't Miss

  • Division
    Ubisoft Massive exclusive: 'The Division', PS4 & Xbox One, Activision to Ubisoft & more
    Camera
    Games Exclusive
  • Coffee
    A new app allows users to buy unlimited coffee for $45 a month
    Video
    Tech Buzz
  • Dragon
    'Dragon Age: Inquisition' launches this October on PS4 and Xbox One, trailer inside
    Games News
  • Computers
    AT&T looks to bring high-speed internet networks to 100 cities
    Tech News
  • Upcoming
    These are 2014's biggest PS4, Xbox One and Wii U games
    Camera
    Games Feature
  • I Am Alive App
    An app out of Lebanon allows users to alert their loved ones they are alive after a bombing
    Video
    Headlines

Related Videos:

  • RNA Lab
    <iframe width="560" height="315" src="//www.youtube.com/embed/7wYU-1RnPC4?VQ=HD720&amp;autoplay=1"></iframe>
  • Comcast Cares Day Comes to the International District in Seattle
    <iframe width="420" height="315" src="//www.youtube.com/embed/nlMLqvJV3Hg?VQ=HD720&amp;autoplay=1"></iframe>
  • Comcasters Get Early Start on Comcast Cares Day 2014, here at Veterans Home in Orting, Washington
    <iframe width="420" height="315" src="//www.youtube.com/embed/_FoX7XPFmeA?VQ=HD720&amp;autoplay=1"></iframe>

User login

Log in
Sign in with your email and password. Or reset your password.
Write for us
Interested in becoming an Examiner and sharing your experience and passion? We're always looking for quality writers. Find out more about Examiner.com and apply today!