Pop-Up behind Chrome Listens to User’s Offline Conversations

Developer Tal Ater observed a strange phenomenon related to the microphone permission policies of Chrome that enables the malicious sites to listen to the user’s offline activities. Such malicious websites can generate pop-ups hidden in the background that will keep listening to the user. Tal Ater revealed that a pop-up window still remains open even if he closes all the tabs of Chrome.

 The root-cause of the problem lies in the settings related to microphone in Google Chrome. Once the user enables the microphone for certain HTTPS-enabled website, the rule is applied to all the linked pages of the website. If a pop-up is integrated with the website, then it will also use a microphone to listen to the user. This activity doesn’t disturb the tasks of the computer, but it spies on the user. You will not have any idea about this hidden activity since everything is going on in the background. You will have to disable microphone as the only way of defense.

Google engineers have analyzed the problems in detail when the problem was first identified in September last year. They emphasized the fact that there is no immediate threat to the users of Chrome since they have to enable the microphone for speech recognition websites.

Beyond the influence of Chrome, the use of browsers like Hangouts causes significant destruction that doesn’t require reauthorization of microphone. In these cases, your microphone might be enabled forever until you disable it after noticing. Plethora of Apps has approached the market that requires threatening permissions for the users.

The bug of turning microphone on for malicious sites has become destructive with the innovation of apps that don’t ask for enabling the microphone in every new session. Keeping a close eye on the use of your microphone may be a good idea to avoid any hacker to listen to your offline activities.

The bug reported by Tal Ater was considered for the award of Chromium. The problem was eventually resolved by the engineers of Chrome. However, the fix of the problem couldn’t make to the user’s computer yet.

  • Harry

    This is not a bug… As stated in the article, you have to specifically give a certain web site permission to use your microphone. The only reason one would do this is if it has a legitimate reason to use the microphone. Presumably, most users will not give a potentially malicious web site permission to use their microphone. Also, Chrome by default has pop-up blocking enabled. Malicious web sites can’t spawn pop-ups unless you specifically turn that protection off. And lastly, a “secret, malicious, hidden” pop-up window is still a Chrome window. At least on Microsoft Windows, window management in the operating system makes it very obvious what windows are open, and when an application is still running with other windows. There is no way to “hide” a Chrome window.