Chrome "Bug" Lets Sites Listen to Your Conversations

  • Google whistleblower:
    "Chrome Bug Lets Sites Listen to Your Conversations"
    http://www.youtube.com/watch?feature=player_embedded&v=s5D578JmHdU 👀

  • I don't think anyone should wait as long as four months before going public with a serious exploit. 24 hours should be long enough for any software company to do something about it — one week at the most.

  • Microsoft (and users of Windows) may thank you if you release a serious exploit four weeks before the next patch day. 😛

  • Originally posted by Pesala:

    I don't think anyone should wait as long as four months before going public with a serious exploit. 24 hours should be long enough for any software company to do something about it — one week at the most.

    It depends on the complexity of the fix and the software you are fixing. Also the fix has to be tested thoroughly so you make sure it doesn't break some functionality.
    While some small companies with a small user base get away with sloppy fixes (caugh, caugh), imagine the outcry if Microsoft would do it frequently.

  • I imagine Microsoft has staggeringly vast amounts of unit tests?

  • To keep it all in perspective, though, the user has to first intentionally enable the microphone at a misbehaving site which, itself, is the only site that can listen in thereafter, regardless of what site a user browses to in the session - provided the misbehaving site first creates a "keep alive" pop-under window behind the Chrome window (so as to hide its presence from the user). If the browser or the pop-under is closed, the exploit ceases. It's still a potentially harmful exploit, but certainly not as bad as if a site could auto-activate a user's mic or if any other site could listen in to a mic after it was somehow activated at a different site.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.