What if say you all that your laptop is listening to everything that is being said during your phone calls or other people near your laptop without your knowledge? This is what a security researcher discovered in Google’s web browser.
Beware! Chrome Bug Allows Sites To Spy On You By Secretly Recording Audio/Video
Chrome is undoubtedly the most used and most advanced browser at present. This Google browser can give users all the features that the Internet requires.
However, like any other software Google’s web browser, Chrome also have some security flaws and a new one has been recently discovered. Chrome can record video and audio without showing any alert and without the user knowledge.
The latest Chrome flaw was discovered by an AOL web developer who was working with WebRTC, the new real-time video and audio streaming protocol on the Internet.
According to Ran Bar-Zik, the author of the breakthrough, the flaw is in how Chrome handles WebRTC. Once the video and audio are sent to the browser, it is possible to the site where the WebRTC stream will be sent running javascript that records these elements, not showing the user that they are being recorded.
The normal way to make this alert, and that Chrome uses, is by displaying an alert (red ball) on the tab which is in question, just as we can see when a tab is playing audio.
Although it is a serious problem, its impact is limited because, in order to perform this unauthorized operation, the site that we access must be authorized to access the video and audio of the user. Of course, many users will only authorize these permissions without reading what they’re authorizing.
The tech giant Google has already been alerted to this problem, but interestingly the search giant does not consider it as a security breach. According to Google, in mobile browsers, there is no notification and even on the desktop, it is only displayed when there is space in the interface.
Without this attention from Google, this problem is most likely to remain unresolved, delegating the user the responsibility to pay more attention to these elements and what the sites intend to do with them.
So, what do you think about this security flaw? Simply share your views and thoughts in the comment section below.
