Chrome’s Voice Recognition & The privacy Problem

Chrome bugs allow sites to listen to your conversation. When exploiting bugs in Google Chrome malicious sites can activate your microphone, and listen in on anything said around your computer, even after you’ve left those sites.

Even while not using your computer – conversations, meetings and phone calls next to your computer may be recorded and compromised. As long  as Chrome is running anything can be recorded.

Google is still waiting for the Standards group to agree on the best course of action, and your browser is still vulnerable. Most sites using Speech Recognition, choose to use secure HTTPS connections. This doesn’t mean the site is safe, just that the owner bought a $5 security certificate. When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can’t start listening to you in background windows that are hidden to you.

The main problem is Chrome’s microphone permissions policy. Once you’ve given an HTTPS-enabled site permission to use your microphone in Chrome, every instance of the site has permission, even windows that pop up unnoticed in the background. And since the code is running in a different window, it won’t set off any of Chrome’s recording icons. The only defense is to manually revoke the microphone permission,  most users would never think of doing it.