A bug in Google Chrome can allow access to your microphone and webcam

chrome bug

Although Google Chrome is the most used browser by users worldwide, this does not mean that it is not free of problems and security breaches. So much so, that vulnerability detected in Google’s browser allows an attacker to record audio or video using our browser and without our permission. It’s a serious privacy breach that in addition to Google Chrome, could also affect other browsers.

This is due to a failure with WebRTC (Web Real-Time Communication) an API that allows the applications of the browser to make voice calls, video chat and p2p file sharing without having to use any plugins. That is, it supports real-time communication as its name implies. However not all are advantages, since one of the disadvantages or risks of WebRTC is that there can occur a local IP address leakage in browsers that also support this API.

In addition to occurring in Chrome, it can also pass in other browsers that support webRTC. In order for an attacker to record audio and video through the microphone and webcam of our computer without our permission, we would have to visit some site that allows the use of webRTC. At that moment is when a Javascript window without header in the form of popup window is frozen, so that the user is not aware of what is happening, as from there you can start to record video and audio taking advantage of the microphone and the webcam of the computer.

A vulnerability that we discussed earlier as well as its affects on Google Chrome and also on other modern browsers that support WebRTC such as Mozilla Firefox itself. Although Google do not think it is a vulnerability as such, we will soon be able to see how a new version or patch for the browser allows controlling this problem.

However, the best way to prevent someone from recording video or audio through the microphone and webcam of our computer when we visit a site that requires the use of WebRTC, is to deactivate this feature directly in the browser. However, if at any time we visit a trusted site that requires the use of the API, we can always re-enable it manually and deactivate it again when we leave the site to prevent other websites that are not trustworthy make use of WebRTC and put us at risk.


Please enter your comment!
Please enter your name here