Developer Tal Ater observed a strange phenomenon related to the microphone permission policies of Chrome that enables the malicious sites to listen to the user’s offline activities. Such malicious websites can generate pop-ups hidden in the background that will keep listening to the user. Tal Ater revealed that a pop-up window still remains open even if he closes all the tabs of Chrome.
The root-cause of the problem lies in the settings related to microphone in Google Chrome. Once the user enables the microphone for certain HTTPS-enabled website, the rule is applied to all the linked pages of the website. If a pop-up is integrated with the website, then it will also use a microphone to listen to the user. This activity doesn’t disturb the tasks of the computer, but it spies on the user. You will not have any idea about this hidden activity since everything is going on in the background. You will have to disable microphone as the only way of defense.
Google engineers have analyzed the problems in detail when the problem was first identified in September last year. They emphasized the fact that there is no immediate threat to the users of Chrome since they have to enable the microphone for speech recognition websites.
Beyond the influence of Chrome, the use of browsers like Hangouts causes significant destruction that doesn’t require reauthorization of microphone. In these cases, your microphone might be enabled forever until you disable it after noticing. Plethora of Apps has approached the market that requires threatening permissions for the users.
The bug of turning microphone on for malicious sites has become destructive with the innovation of apps that don’t ask for enabling the microphone in every new session. Keeping a close eye on the use of your microphone may be a good idea to avoid any hacker to listen to your offline activities.
The bug reported by Tal Ater was considered for the award of Chromium. The problem was eventually resolved by the engineers of Chrome. However, the fix of the problem couldn’t make to the user’s computer yet.