Technology

A Website Could Record Video or Audio Without Any Notification In Chromium

A Website Could Record Video or Audio Without Any Notification In Chromium

A vulnerability in Google’s browser has been reported to the Chromium security team, which would allow a third party to start recording audio or video from the browser without showing any kind of notification to the user.

For this to be possible, you must first give the website permission to use WebRTC. If you do not know what it is, it is a protocol powered by Google for several years and allows modern browsers to make voice and video calls and share P2P files without additional plugins.

Thanks to WebRTC you can use many websites to communicate in real time through audio or video chats, share your screen, share files through P2P, etc.

Web Can Recording Audio Or Video Without Permission

A Website Could Record Video or Audio Without Any Notification In Chromium

Any of those sites that you give permission to establish the protocol, could then record audio or video using a JavaScript code without displaying the graphical indicator as a red dot, letting you know that the process is running.

Who reported the problem has reproduced the situation and has left its own proof of concept exemplifying how the process of recording and even download the file for you to check.

A member of the Chromium team has responded to the report by noting that it does not really seem to be a security problem, simply because WebRTC on a mobile device also does not display an indicator… However they say they will look for ways to improve this situation.

It may not be a security problem if the user has to access give the permissions to WebRTC first, but minimum is a privacy issue, they will not be notified when those permissions are in use, and especially when a site may be Recording for an indefinite period without any type of visual alert.

To Top