web developer tal ater warned of a chrome exploit that would allow an unscrupulous website to listen in to your computer’s microphone while you speak and use your camera at any time. google supposedly dismissed the issue, but if you’re wondering what the whole shabang means for you, here’s the lowdown:
once you give a site permission to use your microphone or camera, chrome assumes that site will have permission to do so at any time in the future. that means every instance of that site, every page on that site, also has access to your camera and microphone, meaning a sketchy site owner could throw up a pop-under window in the background that’s listening in to everything you say, or worse, listening and set to trigger some action (like recording) when you say specific words or phrases.
this was reported to google back in september. for their part, google doesn’t see it as a problem, and say, ‘in order for the issue to be a real threat, not only do you have to visit a site that would want to record your speech, you’d have to grant it access to your microphone, and then you’d have to not notice a pop-under window from that site lingering in the background. plus, you’d also have to not notice the visual cue (a red dot in the omnibar) that indicates the microphone is active.’ even so, google’s engineers did respond to this report, did come up with a fix that addressed the issue, but—and this is the confusing part— didn’t push that fix.
this is why firefox has always been my favorite. by lb