In January 2014, Google was informed of new Chrome vulnerability that could allow any website to turn the microphone or camera on your computer on and spy on you. Google hasn’t so far taken the vulnerability seriously. If you aren’t comfortable with having this security hole on Chrome, here’s what you can do.
How does this vulnerability work?
Any time you give permission to websites to access your camera or microphone, Chrome makes a permanent record of your preference – every page on that website will be able to access your camera and microphone any time you visit in the future. This is a threat not because the website could suddenly decide to go rogue one day and begin to listen in on your conversations, but because it could be attacked by a hacker one day who surreptitiously installs spyware on it. When that happens, you could have tiny pop-up window open up in one corner of the website each time you go there. You may be able to see it record everything you do or say.
Protecting yourself is easy
Google certainly did take at least some note of the vulnerability – they developed a fix for it. Unfortunately, they changed their mind after they developed the fix and let the vulnerability be. They argue that the problem is likely to affect only a few users – those who go to a website, give them permission, see it get hacked, not notice the pop-up window ad not notice the red dot in their address bar that indicates an active recording device. Still, if you wish to protect yourself, here’s what you do.
The methods available to you
On Chrome, you need to type the following string into the address bar: Chrome://settings/contentExceptions#media-stream . This opens up Chrome’s settings page with the dialog boxes for Content settings and Media Exceptions showing. Here, you’ll see a list of all the websites that have your permission to use your microphone and your camera. When you see a site that you would like to deny permission to, you simply need to cross it out. When you click Done , you are secure from this threat.
There is another way to deny websites use of your microphone and camera. You need to go to Chrome://settings/content , go to the bottom of the page, where you see the Media category and select the option Do not allow any sites to access my camera and microphone instead of the previously selected Ask me when a site wants to use a plug-in to access my camera and microphone . When you choose this global control option, though, there’s collateral damage — you will have Google’s conversational search shut down, too.
You mustn’t let Adobe Flash worry you
Many sites use Adobe Flash for access to your camera and microphone. The settings above don’t affect what Adobe flash does. If you wish to deny Adobe Flash use of your microphone and camera in addition, you need to use a separate set of Settings to shut it down. The Media exceptions screen gives you a link that allows you to change the settings on Adobe Flash.