Google rejects threat from Chrome speech recognition feature

24 Jan 2014

Google has dismissed potential of threat from speech recognition feature in its Chrome browser, which, according to a developer, could be used to listen in on users.

Google rejects threat from Chrome speech recognition featureWeb developer Tal Ater wrote he had uncovered multiple bugs in Chrome while working on a JavaScript speech recognition software library he maintained, called "annyang."

He created an exploit that could let a website continue accessing a computer's microphone after a person thought they had left a website.

Some websites were enabled to allow speech recognition, where the website had access to voice commands from a computer's microphone.

"It may seem I have shot myself in the foot by exposing this," Ater wrote. "But I have no doubt that by exposing this, we can ensure that these issues will be resolved soon."

According to Ater, the internet search company had made a patch ready by 24 September after acknowledging the problem.

The company nominated him for a reward for detecting the vulnerabilities, but Google later decided the issue he had pointed out did not qualify for a bug bounty reward.

However, Google brought out an update to Chrome, and in a statement said, it had designed the speech recognition feature with security in mind and the feature was in compliance with W3C (World Wide Web Consortium) coding standards.

Meanwhile, Gizmodo reported that the Google Chrome browser, which had been named the most-used browser worldwide, had a security flaw that allowed malicious sites access users' computer's microphone and hear everything, Gizmodo reported. According to Gizmodo, the bug was "simple when exploited."

With Google Chrome's voice control, sites can access users' computer through innocent-looking popup ads that activated a microphone.

If users enable voice control through the browser to dictate text or record something else, a malicious site could keep the microphone hot and listen in.

According to Gizmodo, full browser tabs would indicate that a site was accessing users' microphone, but "smaller banner windows" would not show anything.

Users who had never activated Chrome's voice recognition had nothing to worry about this particular security glitch. If they wanted to use the feature, they needed to be careful to activate the microphone only on trusted sites.

Ater, who detailed the exploit online, contacted Google four months ago, and the company confirmed that the system had security flaws.