{"id":2960,"date":"2017-05-31T09:10:32","date_gmt":"2017-05-31T07:10:32","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2960"},"modified":"2022-11-04T11:52:44","modified_gmt":"2022-11-04T10:52:44","slug":"chrome-bug-allows-secret-audio-video-recording","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/05\/31\/chrome-bug-allows-secret-audio-video-recording\/","title":{"rendered":"Chrome bug allows secret audio-\/video recording"},"content":{"rendered":"

[German<\/a>]Users of Google's Chrome browser are at risk, that third party may secretly recording audio and video data within the browser, the user can't notice that. <\/p>\n

<\/p>\n

The Basics<\/h2>\n

Google's Chrome browser supports WebRTC, a standard for real time audio and video streaming. This allows a server to record audio and video data from a Chrome client and stream it to third party users. This is a nice feature, the recordings has to be allowed by a user within Google Chrome.<\/p>\n

\"ChromeWebRTC01\" <\/p>\n

And during recording, a red indicator at the open tab tells, if something will be recorded (see below). <\/p>\n

\"ChromeWebRTC\" <\/p>\n

This can be verified on this test site<\/a>. The problem: The approval to record audio and\/or video is asked once for a domain and will be stored within a user's profile. <\/p>\n

The problem<\/h2>\n

Developer Bar-Zik found out, that the WebRTC-API can be accessed via JavaScript in a way, allowing in Google Chrome to show a tab less popup window. Within this window audio and video recording may be done without showing an indicator \u2013 so the user didn't get a clue about that.<\/p>\n

\"ChromeWebRTC03\"<\/a> <\/p>\n

This can be tested on this web site<\/a>. I've covered the odds and evens in detail within my German blog post<\/a>. Details may be read also (in English) within this Bleeping Computer article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Users of Google's Chrome browser are at risk, that third party may secretly recording audio and video data within the browser, the user can't notice that.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[33,69],"class_list":["post-2960","post","type-post","status-publish","format-standard","hentry","category-security","tag-google-chrome","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=2960"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2960\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=2960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=2960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=2960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}