Say “Cheese” to your Google Chrome
A newly discovered vulnerability in a popular browser exposes how photos can be taken of unsuspecting users.
Further proof of hackers’ inventiveness appeared last week in the
form of a report regarding a simple trick that allows individuals to
take photos of users browsing the web with Google Chrome – the most
popular browser today.
As you might know, Adobe Flash can use a microphone and a web camera to
interact with a user; it must ask user’s permission beforehand though.
But it turns out in Chrome it’s possible to put an image over this
security dialog, effectively masking it. Users still have to click the
“allow” button, so an overlaying image has to have some kind of
compelling interaction on it – in the screenshot down here, it’s a
“Play” button.
One mouse click – and your photo is ready and uploaded to a hacker’s
server. Most laptops light up a special indicator when web camera is on,
but even if you notice it – it’s already too late. The most affected
platforms are Windows 7, 8, Mac OS X and some versions of Linux.
We are not yet aware of usage of this Chrome imperfection in real-world
attacks, but simplicity and efficiency of this trick makes us once again
think about today’s free flow of private information.
