Google has been incorporating more and more speech recognition and media playback features in its Chrome browser. But now an exploit has been discovered which can allow a malicious site to continue listening to your audio even after you have closed the site.
You are required to give explicit permission to a website before you it can listen to you. Once you grant permission, the site gains access to your microphone. Typically, once you close the site or navigate away from it, the microphone usage by the site stops immediately.
However, in some cases, the website may open another pop-under window which can continue to listen in on your audio. The problem is related to HTTPS site permissions. Once you grant microphone access to an HTTPS website, the site is able to access the microphone every time you revisit that site. This is done to ensure that the user doesn’t have to grant permission every time.
A pop-under window is a separate window and for most users, it can be detected instantly. However, for those who are oblivious towards cyber security, a pop-under window may seem benign and they may ignore it. The result would be that the site would continue to listen to your audio, without your knowledge.
This isn’t exactly a security problem and is more about how to use the microphone permissions. Users must ensure that they grant such permissions only to well-known and trusted websites. Moreover, users should also keep an eye on any pop-under windows that may open up. Such windows should be instantly closed so that no aspect of your browser’s security is compromised.
To check the list of sites that currently have access to your system’s microphone, go to chrome://settings/contentExceptions#media-stream in your Chrome browser. If you are a little too conscious about granting camera or microphone permissions to websites, browse to chrome://settings/content. Here, you will have the option which says, ‘Do not allow sites to access my camera and microphone.’
Courtesy: PC World