The IT Nerd

If you have a computer with a microphone and you use Google Chrome, this is a security issue you need to be aware of:

While we’ve all grown accustomed to chatting with Siri, talking to our cars, and soon maybe even asking our glasses for directions, talking to our computers still feels weird. But now, Google is putting their full weight behind changing this. There’s no clearer evidence to this, than visiting Google.com, and seeing a speech recognition button right there inside Google’s most sacred real estate – the search box.

Yet all this effort may now be compromised by a new exploit which lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running.

Oh that’s lovely. Google Chrome which is a complex piece of software that’s primarily used to render, interpret and run code fetched from random places on the Internet has the ability to access a microphone without your consent? This sounds almost like something that the NSA has been accused of doing. One wonders what else Chrome can do.

What should also get your attention is Google’s response:

Google’s engineers, who’ve proven themselves to be just as talented as I imagined, were able to identify the problem and fix it in less than 2 weeks from my initial report.

I was ecstatic. The system works.

But then time passed, and the fix didn’t make it to users’ desktops. A month and a half later, I asked the team why the fix wasn’t released. Their answer was that there was an ongoing discussion within the Standards group, to agree on the correct behaviour – “Nothing is decided yet.”

As of today, almost four months after learning about this issue, Google is still waiting for the Standards group to agree on the best course of action, and your browser is still vulnerable.

I bet now that this is public, Google is going to do something about it. Until then, I will not be using Chrome as I like my privacy. Thanks.

This entry was posted on January 23, 2014 at 8:51 am and is filed under Commentary with tags Google, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.