Today, a coder from Israel named Tal Ater posted on his blog about an exploit in Chrome that could enable malicious websites to gain access to any audio picked up by the microphone on your mobile device.
The speech recognition software, which powers features like voice search in Chrome and the Google Now application on select Android devices, could even be exploited to the point where your device didn’t need to be unlocked for conversations and daily activities to be recorded without the user’s knowledge.
Normally, a warning pops up that explicitly requests the user’s permission to run the microphone, accompanied by a red blinking light which informs them that the website is pulling data off their tablet, laptop, or phone. This new exploit works by creating a secret dialogue, or “pop under,” that automatically grants permissions without alerting whoever is currently operating the system.
Supposedly, a fix for the problem was completed somewhere around October of 2013; however, the Chrome update team still hasn’t sent it out, in anticipation of the World Wide Web Consortium (W3C) making a decision on how the mobile web will develop in the coming months.
A Chrome developer spoke candidly about the issue, expressing their concern for the web browsing product and any vulnerabilities which might become a problem for it in the future.
“The security of our users is a top priority, and this feature was designed with security and privacy in mind. We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it.”