Tal Ater, a programmer based in Israel, said Google's browser allows users to click on the microphone icon in the Google Search input box to listen for spoken words that can be recognized by the company's algorithms for text-based search queries.
Google recently released a Chrome extension that allows "hotwording," in which the computer microphone listens constantly for a key phrase like "OK Google," after which it considers any spoken worlds following that as a voice command. In so doing, Ater said, Google may have provided malicious hackers with an opportunity to spy on an unsuspecting user through their computer.
A malicious website could create a hidden pop-under window that would allow recording surreptitiously even after the user who granted recording permission navigated away to another website.
Google has responded by saying it doesn't recognize the issue as a valid security exploit, saying Chrome is safe and performing as expected.
"The security of our users is a top priority, and this feature was designed with security and privacy in mind," the company said in an email statement reported by InformationWeek. "We've re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it."