Imagine all your conversations being heard by your laptop while you are on phone or interacting with a person near your laptop. A major security revelation by a security researcher in Google’s We Browser.
Chrome Bug Permits sites to have an eye on you by discreetly recording Audio/Video
Chrome is one of the most extensively used web browser and provides a range of features to its users.
However, like other software, Chrome also possess some vulnerabilities which puts a user’s privacy to risk as discovered by a security researcher. It can capture Audio & Video of the user without its consent prior giving any alert or notification.
The respective flaw was discovered by an AOL web developer who was working with WebRTC, the new real-time audio and video streaming protocol on internet.
As per Ran Bar-Zik (the author of the flaw) reports, the flaw is in how Chrome handles WebRTC. Once the audio and video are sent to the browser, it is possible to the site where the WebRTC stream will be sent running java script that records these elements, not intimidating the user that they are being captured.
The standard way chrome uses to show such an alert (red ball) on the tab which is in question, just as we can see when a tab is playing audio.
Although it is a critical flaw, still its impact is restricted because the site must be authorized to access the audio and video of the user to perform this unauthorized operation. Undoubtedly many users will authorize such permissions without properly reading them.
Google has already been intimidated about this issue, but it does not consider it as a security breach. According to the report of Google, in mobile browser no such notification is received and while accessing on the desktop it is displayed only when the interface has enough space.