Have you ever had a bad dream of someone eavesdropping your private conversations through your browser? Yes, it may happen to be true if you are a victim of a Google Chrome bug. By taking advantage of this bug in Google Chrome, malicious sites can activate your mic on your device, and listen in on anything said around your device, even after you’ve closed those sites.
Yes, Google was made aware of this bug and they have not fixed it yet.
Here is how it works,
A user visits a site, that uses speech recognition to offer some cool new functionality. The site asks the user for permission to use his mic, the user accepts, and can now control the site with his voice. Chrome shows a clear indication in the browser that speech recognition is on, and once the user turns it off, or leaves that site, Chrome stops listening. So far, so good.
But what if that site is run by someone with malicious intentions?
Most sites using Speech Recognition, choose to use secure HTTPS connections. This doesn’t mean the site is safe, just that the owner bought a $5 security certificate. When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can’t start listening to you in background windows that are hidden to you.
When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden popunder window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there.
To make matters worse, even if you do notice that window (which can be disguised as a common banner), Chrome does not show any visual indication that Speech Recognition is turned on in such windows – only in regular Chrome tabs.
How to prevent yourself from such attacks? Try the new Internet Explorer 11. Read from the below link on how Internet Explorer is moving forward,