Guy Aharonovsky, an Israel based developer, has exposed the threats posed by a Google Chrome bug, which makes users’ microphones vulnerable to hacking.
As reported by Aharonovsky, the bug lets any website to receive transcripts of the microphone conversations connected to the user’s device even if the user has denied access to microphone. It is made possible by activating Chrome’s old speech API.
The developer discovered this bug while experimenting with a voice recognition feature of Chrome. He informed Google about this bug through the Chromium bug tracker which was marked as low-severity by Google.
As it was not prioritised as important, Aharonovsky published a blog post about it along with a video demonstrating how the exploit works. He also shared it on reddit which got Google’s attention.
Though Google has responded saying “Our security team is actively investigating this issue”, there has been no mention about when they will be able to patch this bug up.
Later, Aharonovsky commented, “This kind of bug could have been marked as just a UX (User Experience) bug and not as a security bug. I won’t share the internal discussion, but I can tell you that it got much more attention as the interest about the issue started to rise.”
“I do not believe it will be dismissed at this point and it seems like they started to look for a way to quickly mitigate this flaw.”
Although there have been no complaints until now from users who may have been affected, this bug should ideally be fixed immediately as all it takes is a careless click.
