{"id":2140,"date":"2013-06-24T10:00:22","date_gmt":"2013-06-24T14:00:22","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2140"},"modified":"2020-02-26T18:57:34","modified_gmt":"2020-02-26T14:57:34","slug":"google-chrome-camera","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-camera\/2140\/","title":{"rendered":"Say “Cheese” to your Google Chrome"},"content":{"rendered":"

A newly discovered vulnerability in a popular browser exposes how photos can be taken of unsuspecting users.<\/p>\n

\"cheese\"<\/a><\/p>\n

Further proof of hackers\u2019 inventiveness appeared last week in the form of a report regarding a simple trick that allows individuals to take photos of users browsing the web with Google Chrome \u2013 the most popular browser today.<\/p>\n

We are not yet aware of usage of this Chrome imperfection in real-world attacks, but simplicity and efficiency of this trick makes us once again think about today\u2019s free flow of private information.<\/div>\n

As you might know, Adobe Flash can use a microphone and a web camera to interact with a user; it must ask user\u2019s permission beforehand though. But it turns out in Chrome it\u2019s possible to put an image over this security dialog, effectively masking it. Users still have to click the \u201callow\u201d button, so an overlaying image has to have some kind of compelling interaction on it \u2013 in the screenshot down here, it\u2019s a \u201cPlay\u201d button.<\/p>\n

One mouse click \u2013 and your photo is ready and uploaded to a hacker\u2019s server. Most laptops light up a special indicator when web camera is on, but even if you notice it \u2013 it\u2019s already too late. The most affected platforms are Windows 7, 8, Mac OS X and some versions of Linux.<\/p>\n

\"Chrome\"<\/a><\/p>\n

User photos don\u2019t look like valuable loot, but it could be of use to cybercriminals, e.g., for identity theft. Moreover, it\u2019s possible to switch on a microphone in the same way and it won\u2019t produce any noticeable effects, making it easier for hackers to discretely record a user\u2019s conversations.<\/p>\n

We are not yet aware of usage of this Chrome imperfection in real-world attacks, but simplicity and efficiency of this trick makes us once again think about today\u2019s free flow of private information. Users cannot even predict, who, when and to what extent their information is collected and how it\u2019s being used later. The problem is most daunting for smartphone applications<\/a>. \u201cHarmless\u201d web browsing leaks more than just your web browsing history \u2013 third party sites can access your exact location and physical environment via camera and microphone. It is quite complicated to make web browsing truly private<\/a>, but privatizing users\u2019 location and camera is easier. Because these functions are rarely used, it\u2019s possible to disable them using \u201cAdvanced\u201d settings of Google Chrome. If you encounter (once a month, once a year, etc) a site requiring these tools, it will take about 10 seconds to temporarily switch location\/camera on and turn it off a little bit later.<\/p>\n","protected":false},"excerpt":{"rendered":"

A newly discovered vulnerability in a popular browser exposes how photos can be taken of unsuspecting users. Further proof of hackers\u2019 inventiveness appeared last week in the form of a<\/p>\n","protected":false},"author":32,"featured_media":2143,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[75,16,195],"class_list":{"0":"post-2140","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-browser-security","9":"tag-chrome","10":"tag-security-threat"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/google-chrome-camera\/1078\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-chrome-camera\/2140\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-chrome-camera\/2140\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/browser-security\/","name":"browser security"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2140"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2140\/revisions"}],"predecessor-version":[{"id":15578,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2140\/revisions\/15578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2143"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}