January 27, 2014, 1:19 PM — Last week, web developer and voice recognition specialist Tal Ater discovered a bug in Chrome that could possibly let websites listen in on your computer's microphone. Google says this is a non-issue, but it's still good to know about and, if you have any hesitation about it, something you can prevent.
Ater writes that this exploit "lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running." It works if you visit a site that uses speech recognition and give the site permission to use your microphone. If you close the main site window, the site can still listen in without you knowing in via a hidden popunder window or one disguised as a banner.
This is a pretty remote possibility, to be sure, and it requires users to actually approve of the microphone use on the vulnerable site. With Google Now coming to Chrome any day now, though, and speech recognition no doubt becoming more prominent in the future, you can, at least, review the sites you have allowed access to your microphone and camera--and delete them if you want.
The setting is at chrome://settings/contentExceptions#media-stream
Click on the "x" on any of the lines to remove the site's permissions, and then click Done.
If you want, you can also disable microphone and camera access altogether under chrome://settings/content in the Media section, but that will break voice integration everywhere in Chrome.
For further reading, check out this Forbes article on the ins and outs of this vulnerability/feature.
Read more of Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld. Follow Melanie on Twitter at @melaniepinola. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.