Israeli developer Ran Bar-Zik (Ran Bar-Zik) discovered a vulnerability in Google Chrome browser that allows web-sites discreetly record video and audio.
The problem is not as serious as it seems, because the sites need user permission to access the audio and video components, but it can adopt attackers to record video and audio content without the user’s knowledge.
The expert informed Google about the problem, but the company said they did not believe her vulnerability.
“In fact, this is not a security vulnerability – for example, WebRTC on a mobile device does not display an indicator in the browser. Point [icon – approx. Ed.] only works in desktop version if there is space available in the user’s Chrome interface. With this in mind, we are considering ways to improve the situation “, – noted at Google.
However, Bar-Zik does not agree with the view tehnogiganta. According to him, a large number of users give permission, not paying attention to what exactly agree. If a user accidentally or inadvertently provide website permission to access the video and audio components, attackers can carry out more complex attacks. For example, an attacker can use a small pop-up windows to run malicious code to gain access to the camera and can take photos or record the movements of the user without his knowledge.