Your Chrome Browser is Listening to Your Conversations–and Google Knows It

Your Chrome Browser is Listening to Your Conversations–and Google Knows It

New information from Slashdot today exposes a bug in Google Chrome that means “malicious sites can activate your microphone, and listen in on anything said around your computer, even after you’ve left those sites.  Even while not using your computer – conversations, meetings and phone calls next to your computer may be recorded and compromised.”

Wait…what?  Yes, you read that right.  Let’s look at that again slowly.  There is a bug in your install of Google Chrome that allows anyone to activate your microphone and record anything that occurs around your computer.  Even while you’re not on your computer.  Do you understand the level of intrusion this entails?  Your house is bugged.  Right now.  As you read this, your Chrome browser is wide open, and may be recording you.  Before you throw the “conspiracy theory” flag, look at this.

I discovered this exploit while working on annyang, a popular JavaScript Speech Recognition library. My work has allowed me the insight to find multiple bugs in Chrome, and to come up with this exploit which combines all of them together.

Wanting speech recognition to succeed, I of course decided to do the right thing…

I reported this exploit to Google’s security team in private on September 13. By September 19, their engineers have identified the bugs and suggested fixes. On September 24, a patch which fixes the exploit was ready, and three days later my find was nominated for Chromium’s Reward Panel (where prizes can go as high as $30,000.)

Google’s engineers, who’ve proven themselves to be just as talented as I imagined, were able to identify the problem and fix it in less than 2 weeks from my initial report.

Did Google send that fix to Chrome users with an apology?  No.  Did they include it in an update?  No.  It’s been four months, and Google claims it’s still waiting for its “Standards Group” to “decide on the best course of action.”  Which, as we all know, means “We aren’t changing a thing.”

This means, you’re still vulnerable.  For the love of all that is holy, if you still aren’t changing to Linux, at least get Firefox and beef it up.

Written by

Leave a Reply

Your email address will not be published. Required fields are marked *

Become a Victory Girl!

Are you interested in writing for Victory Girls? If you’d like to blog about politics and current events from a conservative POV, send us a writing sample here.
Ava Gardner