Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor.
The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)