Sunday, April 13, 2014

Second Eavesdropping Bug is Found in Google Chrome

A security blogger has discovered a flaw in Google Chrome that allows attackers to turn any victim's machine into a listening post.

A blogger named Guya explained that a deprecated speech API known as "x-webkit-speech" can be harnessed to run in the background without any indication to the end user that their microphone is on. His blog post includes a video that demonstrates the flaw, which you can view below.

A developer simply needs to add a single line of code to a website to exploit the bug and gain access to an audio feed of the victim's environment. (more)