Chrome bug allows secret audio-/video recording

[German]Users of Google's Chrome browser are at risk, that third party may secretly recording audio and video data within the browser, the user can't notice that.


Advertising

The Basics

Google's Chrome browser supports WebRTC, a standard for real time audio and video streaming. This allows a server to record audio and video data from a Chrome client and stream it to third party users. This is a nice feature, the recordings has to be allowed by a user within Google Chrome.

ChromeWebRTC01

And during recording, a red indicator at the open tab tells, if something will be recorded (see below).

ChromeWebRTC

This can be verified on this test site. The problem: The approval to record audio and/or video is asked once for a domain and will be stored within a user's profile.


Advertising

The problem

Developer Bar-Zik found out, that the WebRTC-API can be accessed via JavaScript in a way, allowing in Google Chrome to show a tab less popup window. Within this window audio and video recording may be done without showing an indicator – so the user didn't get a clue about that.

ChromeWebRTC03

This can be tested on this web site. I've covered the odds and evens in detail within my German blog post. Details may be read also (in English) within this Bleeping Computer article.


Advertising

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).