Google Chrome bug allegedly allows attackers to eavesdrop and record your voice

Advertisement
By NDTV Correspondent | Updated: 13 February 2014 13:01 IST
An alarming bug has been discovered in Google Chrome that could allow attackers to surreptitiously record your voice and everything around you. Israeli web developer and entrepreneur Tal Ater discovered the problem last September while working on a JavaScript speech recognition project. After seeing no concrete action from Google to fix the problem, he has now posted proof to his personal website.

According to Ater's description, the flaw is possible because of the way different parts of Chrome were designed. While there is a clear indication to users on the tab bar when a website has activated your PC's mic or camera, there is no way to display such a notification on popup windows. Thus a website which has been granted permission to use your microphone (such as Google's own homepage, when voice search is enabled) can quietly spawn popups in the background which will inherit the permission but not display any indication that they are recording you.

Websites could thus be compromised, and a user might never know that a pop-under page has opened behind their open browser window. A user would have no way to know such a window is open, and it could be disguised as just another ad.

Advertisement

Compounding the problem, Chrome remembers permissions granted to pages that use the HTTPS protocol, trusting them to be secure. Thus, users aren't even asked to confirm whether they would like to allow a page to activate the mic.

Ater says he contacted Google on September 13 2013 and was informed less than a week later that the root causes problem had been identified. Five days after that, a patch had been developed. Ater says he was nominated for a reward under a Google scheme that pays up to $30,000 (approximately Rs. 18,72,300) to ethical developers who discover and report such bugs.

However the patch was never released to the public or applied to future releases of Chrome. Ater claims that Google does not believe that there is anything wrong with the way Chrome behaves. In a statement to UK news site The Register, Google said, "The feature is in compliance with the current W3C specification, and we continue to work on improvements."

We attempted to recreate the problem and confirmed that Chrome tabs with voice input enabled do display a pulsing red dot in the tab bar, but do not cut off the microphone when the user switches to another tab or program. We were prompted for permission the first time we used a voice input feature on any website, but not on subsequent uses. Furthermore, there is no indication outside of Chrome that anything is being recorded. This means that background windows are indeed capable of recording a user's voice and surroundings without his or her knowledge.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Everything We Know About the Nothing Phone 4b
  2. Amazon Prime Day 2026: Best Deals on Redmi and Xiaomi Smartphones
  3. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  4. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 15,000
  5. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  6. Amazon Prime Day 2026: Best Deals on iQOO Smartphones
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.