Google Chrome Has a Bug That Lets Any Site Eavesdrop On You
53 replies, posted
Video detailing the discovery:
[media]http://www.youtube.com/watch?v=s5D578JmHdU[/media]
[QUOTE]Voice control is an awesomely futuristic way to control your technology like a spaceman, but only if you can trust it. So you might want to stay tight-lipped around Chrome; Google's browser has a dangerous security flaw that can let malicious sites eavesdrop on your every word.
Discovered by web developer and Gizmodo reader Tal Ater, the bug in question is simple when exploited. All a malicious site has to do is get you to enable voice control for any legitimate purpose—maybe you want to dictate some text to a webapp, or record some noise for whatever reason—and it can potentially access your computer's mic long after you've navigated away.
All it needs to do is shoot out a pop-under window disguised as an ordinary ad, or something similarly innocuous, to keep your microphone hot. As long as it remains open, every noise you make will be sent back to Google through Chrome, and then on to the snoopers for whatever purpose they see fit. And there's no way for you to tell that the site you visited 20 minutes ago is still up to no good.[/QUOTE]
[url]http://gizmodo.com/google-chrome-has-a-bug-that-could-let-anyone-eavesdrop-1506483705?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow[/url]
Good thing I use firefox these days.
porn sites should use it to detect underage users
Well, it lets any site that you explicitly allow to record you continue doing so after the tab is closed. Google should just move the recording indicators to a more permanent place on the ui, and let you easily revoke the permission.
[QUOTE=dvc;43631333]porn sites should use it to detect underage users[/QUOTE]
"Our algorithms detect that your voice matches that of a prepubescent boy. Disconnecting."
So the bug is exploited by a pop-under window that keeps the line open, so to speak?
Is that really an exploit? It's potentially malicious, but it seems logical. I think the problem here is that the site is able to open a pop-under window without permission in the first place.
So are Ad-block users safe?
Now I'm really paranoid.
This is less of an exploit and more of a flaw in design (I guess?). You have to give permission to the site beforehand, and the site still has to be open for it to work.
[QUOTE=Snowmew;43631641]So the bug is exploited by a pop-under window that keeps the line open, so to speak?
Is that really an exploit? It's potentially malicious, but it seems logical. I think the problem here is that the site is able to open a pop-under window without permission in the first place.[/QUOTE]
that's a hugely overlooked issue, yeah. it's dumb but seems like a thing that could be pinned on you for not paying attention to new windows opening. This is a lot less concerning than the whole 'facebook cookies that know what you're typing in other tabs while the site is open so they can better target your advertising'
Why not use SRWare Iron instead?
Talking about Chrome as a surveillance device is absurd whereas the whole OS can be turned against you nowadays.
Just unplug your microphone when you're done using it.
And as for devices with inbuilt mics (with Linux): unload the sound input module.
[QUOTE=Zeke129;43631335]Well, it lets any site that you explicitly allow to record you continue doing so after the tab is closed. Google should just move the recording indicators to a more permanent place on the ui, and let you easily revoke the permission.[/QUOTE]
Google just added an indicator to tabs that let you see which ones are playing sound. They should add one for active mic with a blinking red dot.
Big Flaw on Google's Part.
yes hi this is being hilariously overblown
afaik there's no popunder exploits in chrome at the moment
aka the website will open up the popup in front of their site
his video is edited just so to imply that there's a popunder exploit
Personally I've found chrome in its current state is pretty terrible. I just can't stand using it, and although I like a lot of its features the browser itself is unusable.
This though is pretty bad, but not as bad as them taking over 4 months to actually patch it.
Good thing I use an OS with a taskbar. In all seriousness, why don't they just block the site again as soon as you close the page you authorized it to access your mic from?
I tested her little demonstration -- the "wants to use your microphone" prompt still appears when I visit the site. It requires separate permissions for mic usage, so I'm assuming Google already patched it.
[IMG]http://i.imgur.com/Ll9X4p2.png[/IMG]
[QUOTE=Binladen34;43632283]Personally I've found chrome in its current state is pretty terrible. I just can't stand using it, and although I like a lot of its features the browser itself is unusable.
This though is pretty bad, but not as bad as them taking over 4 months to actually patch it.[/QUOTE]
because the "super scary popunder" that this "exploit" requires
doesn't actually exist
so it's not high on the priority list right now
[QUOTE=Soleeedus;43632354]I tested her little demonstration -- the popup still appears when I visit the site. It requires separate permissions for mic usage, so I'm assuming Google already patched it.
[img]http://i.imgur.com/Ll9X4p2.png[/img][/QUOTE]
nah, she got this popup in the video too
it has always been like that
[QUOTE=Reshy;43631290]Good thing I use firefox these days.[/QUOTE]
I just simulate using Firefox by putting wax paper over my screen and closing the browser every 10 minutes.
[QUOTE=Reshy;43631290]Good thing I use firefox these days.[/QUOTE]
"Hey guys look at me I use a browser that used to be good and I'm trying to be different from the rest of the crowd"
Google chrome is actually the most secure browser, so most likely there's far more exploits on Firefox
fuck... they're gonna record me slappin my meat.
what the heck snowden, now he wants to listen to me jerk off and listen to the katamari damacy soundtrack? what is the world coming to?
Meh
They'll probably go mad listening to the inane nonsense we chat
Joke's on them, I don't have a mic.
[QUOTE=Mingebox;43632586]I just simulate using Firefox by putting wax paper over my screen and closing the browser every 10 minutes.[/QUOTE]
I don't think firefox has ever actually crashed for me.
[QUOTE=Mingebox;43632586]I just simulate using Firefox by putting wax paper over my screen and closing the browser every 10 minutes.[/QUOTE]
The reason I went to Firefox was because Chrome was having reliability issues. On Google's own search page (tab freezing for no reason).
Seems it's fixed now, but I'm not going back unless Firefox gives me problems again. I only use Chrome for Google Music.
[QUOTE=AlphaAGENT;43632886]I don't think firefox has ever actually crashed for me.[/QUOTE]
Only crashes for me rarely, and that's because Java itself crashed. Reopens all my tabs automatically anyways.
[QUOTE=AlphaAGENT;43632886]I don't think firefox has ever actually crashed for me.[/QUOTE]
I've never had it crash during regular usage, and I've been using it for at least 6 years.
Only time I've had it crash is when it was on a virus/malware filled computer that originally used IE or Chrome, of course everything crashed at that point
While this is a bad exploit, how about just muting/unplugging your mic when you aren't using it for now?
[QUOTE=WhyNott;43632580]nah, she got this popup in the video too
it has always been like that[/QUOTE]
oops, I meant that the "wants to use your microphone" prompt still appears. I assume most users would know not to manually let an ad/popup use your mic