Chrome "Bug" Lets Sites Listen to Your Conversations
-
lodestone last edited by
Google whistleblower:
"Chrome Bug Lets Sites Listen to Your Conversations"
http://www.youtube.com/watch?feature=player_embedded&v=s5D578JmHdU
-
A Former User last edited by
I don't think anyone should wait as long as four months before going public with a serious exploit. 24 hours should be long enough for any software company to do something about it — one week at the most.
-
missingno last edited by
Microsoft (and users of Windows) may thank you if you release a serious exploit four weeks before the next patch day.
-
Deleted User last edited by
Originally posted by Pesala:
I don't think anyone should wait as long as four months before going public with a serious exploit. 24 hours should be long enough for any software company to do something about it — one week at the most.
It depends on the complexity of the fix and the software you are fixing. Also the fix has to be tested thoroughly so you make sure it doesn't break some functionality.
While some small companies with a small user base get away with sloppy fixes (caugh, caugh), imagine the outcry if Microsoft would do it frequently. -
-
blackbird71 last edited byTo keep it all in perspective, though, the user has to first intentionally enable the microphone at a misbehaving site which, itself, is the only site that can listen in thereafter, regardless of what site a user browses to in the session - provided the misbehaving site first creates a "keep alive" pop-under window behind the Chrome window (so as to hide its presence from the user). If the browser or the pop-under is closed, the exploit ceases. It's still a potentially harmful exploit, but certainly not as bad as if a site could auto-activate a user's mic or if any other site could listen in to a mic after it was somehow activated at a different site.
