Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome Flaw Sets Your PC's Mic Live

Posted by timothy on from the lives-of-others dept.

First time accepted submitter AllTheTinfoilHats (3612007) writes "A security flaw in Google Chrome allows any website you visit with the browser to listen in on nearby conversations. It doesn't allow sites to access your microphone's audio, but provides them with a transcript of the browser's speech-to-text transcriptions of anything in range. It was found by a programmer in Israel, who says Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media. The website has to keep you clicking for eight seconds to keep the microphone on, and Google says it has no timeline for a fix." However, as discoverer Guy Aharonovsky is quoted, "It seems like they started to look for a way to quickly mitigate this flaw."

4 of 152 comments (clear)

  1. Re:Google had to have put this in on purpose by MozeeToby · · Score: 4, Informative

    Of course it's built in, it's part of the "ok google" keyword that Google Now (recently added to the Chrome browser) uses to detect an incoming command. The flaw is that transcript is kept for any length of time and that it's available to websites being viewed.

  2. Re:Google had to have put this in on purpose by Anonymous Coward · · Score: 4, Informative

    speech-to-text

    Not sure why everybody keeps writing text-to-speech even though that makes no logical sense in this context :)

  3. He only gave Google 2 days before going public? by Dahan · · Score: 5, Informative

    So, no thanks to TFA, I found the actual bug report, and it turns out the guy went public less than 2 days after reporting the bug to Google. Talk about impatient. And it's not true that "Google issued a low-priority label to the bug when he reported it, until he wrote about it on his blog and the post started picking up steam on social media". It's true that it was originally given a low-severity label at first, it was bumped to medium a day-and-a-half later, then up to high a few hours after that--around the same time that he went to reddit about it. Not exactly sure if it was before or after, since I don't know the timezone of the times reported on Chrome's issue tracker, but one of the comments from Google says that they had already bumped the severity rating before they knew about him going public.

  4. Re:Google Voice Search Isn't On By Default by noh8rz10 · · Score: 4, Informative

    they say "To improve processing of your voice input, Google may record a few seconds of ambient background noise in temporary memory at any time.". I take this to mean, they are recording constantly into a buffer at all times.