There’s an exploit in Google’s popular Chrome browser that can allow hackers to listen in to a user’s offline conversation through their computer’s microphone even after the tab has been closed. The exploit lies in Chrome’s microphone settings, if a website is given permission to use the device’s microphone in Chrome, it can easily use a pop-up window to keep accessing the microphone and even record while being hidden in the background. Closing the tab will have no effect on the pop-up window’s ability to listen in.
Permission is extended to every instance of an HTTPS-enabled website that’s allowed to use the microphone, hackers only need to run the code in a background window, which won’t tip off any of Chrome’s recording icons. This means that the secondary window can go unnoticed, and user will be unaware that their conversations are possibly being recorded. To make sure this doesn’t happen, users have to manually revoke the microphone permission, something that the average user probably won’t think to do. The exploit has been discovered by a developer called Tal Ater, who first reported it to Google in September last year. The company’s engineers were able to isolate the problem, though they have yet to plug it. A spokesperson for Google has said that they have re-investigated the issue and there’s no immediate threat since users are first required to manually approve permission for each site that wants microphone access. While it continues to work on improvements, Google says that this is in compliance with the current W3C standard.