Developer exposes Chrome exploit the NSA would die for

If they haven't heard of this previously, or uncovered it themselves, you have to bet that the NSA is looking at this news story closely. On Wednesday, developer Tal Ater revealed an exploit for Google's Chrome browser that has to have the NSA salivating.

Essentially, miscreants can use your computer's microphone to listen in on your conversations. The problem is that once a website is given permission to use the device’s microphone in Chrome, it can continue to do so even after the original tab is closed.

Chrome remembers the permission state for an HTTPS-enabled website, so an attacker who knows this could open a pop-under window. Since the code is running in a different instance of the website than the one in the foreground, none of Chrome's recording icons are displayed.

Ater said he reported the issue to Google back in September 2013. His bug was even nominated for Chromium’s Reward Panel, where prizes can rise to as much as $30,000. Less than two weeks after his bug report, company engineers said they had found the issue and fixed it. Why, then, is he posting about it? Because months later, they have not rolled the fix out to users.

When he asked why the fix hadn't been released, he was given a strange answer. The team said that there was still an ongoing discussion within the Standards group to agree on the correct behavior, and that “Nothing is decided yet.”

When asked to comment by The Verge, a Google spokesperson said,

We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.

A video demo of the exploit is embedded.
