Chrome Bug Lets Sites Record Audio and Video Without Indicating

[Bot]

A bug within Google Chrome allows websites to record audio and video without any indicators regarding this activity.

The discovery was made by an AOL web developer by the name of Ran Bar-Zik, Bleeping Computer reports. While the bug may seem of massive proportions, it actually isn't all that bad because the malicious website still needs to get the user's permission to access the audio and video components. Therefore, if the user doesn't grant the website the right to listen in, it won't do that.

However, the problem is there and there are ways to weaponize the vulnerability.

How it works
The discovery was reportedly made as the AOL developer was dealing with a website running WebRTC code, which is the protocol for streaming audio and video in real time.

If permission is granted for the website to access the audio and video components, most likely unknowingly as the user tries to dismiss the notification, the website can run JavaScript code that records audio or video content. The content can then be sent over the Internet to the other participants of the stream.

Read more: Chrome Bug Lets Sites Record Audio and Video Without Indicating

 

[tryfon]

I'm starting to worry with all of these bugs coming out with google/chrome

 

[Ink]

I'm starting to worry with all of these bugs coming out with google/chrome

You can globally block these permissions in the settings:


Example:


Alternatively, if you NEVER use your Mic or Camera, you can Disable via Device Manager or Uninstall (not recommended).

Not sure about "video".

 

[Dean Winchestere]

This is another reason why I disable WebRTC. All it does is open holes for privacy invasion. It also leaks real ip if using a VPN.

 

[Malware Person]

well, this isn't good. Google better fix this bug soon, or else I'm not using chrome anymore.

 

[soccer97]

You can globally block these permissions in the settings:
View attachment 152923

Example:
View attachment 152927

Alternatively, if you NEVER use your Mic or Camera, you can Disable via Device Manager or Uninstall (not recommended).

Not sure about "video".

Some PC's have the ability to disable the webcam in the system BIOS at startup as well. Hopefully a fix will be pushed out by Chrome 60.

 

[tryfon]

You can globally block these permissions in the settings:
View attachment 152923

Example:
View attachment 152927

Alternatively, if you NEVER use your Mic or Camera, you can Disable via Device Manager or Uninstall (not recommended).

Not sure about "video".

Do we know if this affects mobile chrome as well?

 

[soccer97]

Some PC's have the ability to disable the webcam in the system BIOS at startup as well. Hopefully a fix will be pushed out by Chrome 60.

Thanks Spawn - in addition you can go to Control Panel > Flash Player and do the same thing - which will affect other browsers if they are actually affected in the future

 

[Entreri]

That is bad. At least for my laptop, I taped over and disabled microphone via reg edit.

I previously disabled them both via device manager, but M$ (Win10), enabled them after some time.