Google Chrome is eavesdropping on you, developer says

Israeli software developer Tal Ater has found a bug in Google Chrome that allows the browser to eavesdrop on users' conversations.

The bug was brought to Google's attention last year, and the tech giant has a fix ready for the possible security breach. But according to Ater, Google is waiting for direction from World Wide Web consortium (W3C), an organization that directs web development, about what should be done before issuing the update.

"We've re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it," said a Google spokesperson.

Ater stumbled across the bug, while trying to develop his own voice recognition system. Typically people must allow a website to access to their computer's microphone. One permission is granted, Chrome lets the user know that the microphone is switched on by providing a blinking red dot on the tab for that site.

A video on Ater's site shows how a hacker could use malicious code to start a "pop-under" window and launch the speech recognition system, allowing an unsuspecting user's conversation to be heard by the hacker.

"The malicious site you visited can continue listening in on you long after you have left it," said Ater. "As long as Chrome is still running nothing said next to your computer is private."

[talater.com] [BBC]