place Google AdSense code here

"Even blocking any access to the microphone under chrome://settings/content will not remedy this flaw." he said in a blog post.
Reported vulnerability exploits the “-x-webkit-speech” feature of Chrome’s speech-recognition API and allows a malicious web application to eavesdrop in the background without any indication to the user that their microphone is enabled. He has also published a Proof-of-Concept webpage and a video demonstration, designed to work on Chrome for Mac operating system, but the exploit only works for Chrome for any operating system.In demonstration, he has used HTML5 full screen feature to the indication box.“In Chrome all one need in order to access the user’s speech is to use this line of HTML5 code: that’s all; there will be no fancy confirmation screens. When the user clicks on that little grey microphone he will be recorded. The user will see the ‘indication box’ telling him to “Speak now” but that can be pushed out of the screen and / or obfuscated.”
He has reported the flaw to Google via Chromium bug tracker. They confirmed the existence of the vulnerability, but assigned it 'low' severity level, that means Google will not offer any immediate fix for this flaw.
0 comments: Post Yours! Read Comment Policy ▼
PLEASE NOTE:
We have Zero Tolerance to Spam. Chessy Comments and Comments with Links will be deleted immediately upon our review.
Post a Comment