Google Chrome WARNING – Browser could be covertly filming YOU, here’s why


Google Chrome could enable sites to record audio and video without its users being aware, it has been claimed.

 According to AOL developer Ran Bar-Zik, a flaw within the browser enables malicious sites to record audio and video – without giving away that anything nefarious is happening on your computer. Bar-Zik reported the UX flaw to Google, back in April 2017.
said the flaw was not a valid security threat. As a result, it would not be rushing out a patch to fix the UX issue, blog The Hacker News has reported.

However, the California-based technology company confirmed it would look to find ways to “improve the situation” with future releases.

“This isn’t really a security vulnerability – for example, WebRTC on a mobile device shows no indicator at all in the browser,” a Chromium member replied to the researcher’s report.

“The dot is a best-first effort that only works on the desktop when we have chrome UI space available. That being said, we are looking at ways to improve this situation.”

So, how does the flaw in  Chrome work?The Chrome browser relies on Web Real-Time Communications, or WebRTC, protocols to make and receive audio and video calls without the need for additional plugins.

To protect users’ privacy, web browsers will check with the user whether a certain website has permission to use WebRTC to access the device’s camera and microphone.

Once permission is granted, that site will always be able to access your camera and microphone until you manually revoke WebRTC permissions.

It’s the reason you don’t have to constantly grant Facebook permission to use your camera and microphone each time you login to the website and make a video call.

This is convenient, but could in theory allow previously authorised sites to covertly access your device’s camera and microphone.

To prevent this – web browser have a visual indication whenever audio or video is being recorded.

For example, Chrome uses a small red dot icon within the tab to alert users whenever audio or video streaming is live.

Chrome provides visual indicators whenever approved sites are accessing audio or videoGOOGLE Chrome provides visual indicators whenever approved sites are accessing audio or video

According to developer Ran Bar-Zik, “This record indication is the last and the most important line of defence.”He discovered that any authorised website can pop-up a headless window using a JavaScript code to record audio and video without the displaying the telltale red dot icon in Chrome.

This works because Google Chrome has not been designed to display a red-dot indication on headless windows.

This enables website developers to “exploit small UX manipulation to activate the MediaRecorder API without alerting the users,” Bar-Zik writes.

In order to stay safe, it is possible to simply disable WebRTC.

However those who require the feature should only ever granted permissions to trusted websites – and always look for any other windows spawned by a site that you might not be expecting when using WebRTC features.

Facebook CEO Mark Zuckerberg and former FBI director James Comey have previously admitted they put tape over laptops’ webcams to stop this type of attack.

Granted, tape will not stop hackers or governments recording your voice – it will prevent them watching live video feeds.

Comments (0)

Leave a comment