[German]Users of Google's Chrome browser are at risk, that third party may secretly recording audio and video data within the browser, the user can't notice that.
Advertising
The Basics
Google's Chrome browser supports WebRTC, a standard for real time audio and video streaming. This allows a server to record audio and video data from a Chrome client and stream it to third party users. This is a nice feature, the recordings has to be allowed by a user within Google Chrome.
And during recording, a red indicator at the open tab tells, if something will be recorded (see below).
This can be verified on this test site. The problem: The approval to record audio and/or video is asked once for a domain and will be stored within a user's profile.
Advertising
The problem
Developer Bar-Zik found out, that the WebRTC-API can be accessed via JavaScript in a way, allowing in Google Chrome to show a tab less popup window. Within this window audio and video recording may be done without showing an indicator – so the user didn't get a clue about that.
This can be tested on this web site. I've covered the odds and evens in detail within my German blog post. Details may be read also (in English) within this Bleeping Computer article.
Advertising