A design flaw identified in the latest version of the Chrome browser by a developer would start a sound recording to the PC host without noticing.
In February, Chrome took advantage of an update that allowed it to integrate a voice recognition module to simplify navigation and research and to promote interaction between the user and the browser.
This function only allows, in addition the Google ecosystem, with sites offering their navigation menus. But today the discovery of a flaw casts doubt on the module, as it can present itself as a true gateway to a massive espionage.
Thus, the developer Tal Ater found that voice recognition could be activated without user consent without any notice.
Technically, the user must still give its consent before a website that cannot activate speech recognition and begin recording sound from the microphone to offer navigation aloud. In this case, an icon appears at the tab of the website in question to inform him that he is saved.
However, in the context of the use of the module to a protected HTTPS site, Chrome remembers the permissions granted by the user. It will no longer be asked for permission to record the conversation when it comes to visiting the new Web page.
Worse, in the context of a fraudulent use of the fault, it is possible to activate the voice recognition in a secondary window that automatically hides under the main browser window, thereby making the recording quite invisible to the user.
