07 August 2013
by Michael Lotfi
According to TechNewsDaily.com, last week Google implemented a new update to its Chrome browser. The update has a new feature called WebRTC (real time communication). This new standardized feature allows for websites and applications to use your system’s camera and microphone.
Previous to the new update, apps and websites had to use a browser plug-in for audio and visual correspondence with a user. A user could easily disable, or choose not to install one of these plug-ins if they so happen to be concerned. However, users who try and disable the feature on Chrome will not be allowed to do so. Furthermore, you cannot refuse the automatic update either, unless you have the know-how to turn off automatic updates on chrome. Chrome does require websites and apps to “ask for permission” to use the feature. However, anyone with even limited computer technology can bypass this in moments.
“The risk isn’t really larger than having Flash installed,” Ullrich told SecurityNewsDaily via email. “Flash already had the ability to access the camera and microphone, and had some vulnerabilities that allowed websites to trick the user into enabling the camera/microphone via clickjacking.” However, users can choose whether or not to have flash, or disable it.
Mozilla Firefox and Microsoft Internet Explorer are working on including WebRTC in future versions.
Google did not immediately respond. However, days after news started to circulate they provided the following statement:
“We are working closely with the W3C [World Wide Web Consortium] to ensure there is a high standard of security and transparency with the GetUserMedia API [which enables WebRTC in Chrome], including ensuring the user is in control of whether and how media is used, and to make any usage transparent through in-product notifications. For example, the user needs to give permission for a site to use the camera by clicking ‘allow’ and a persistent notification that the camera is turned on will be present until the camera is turned off to remind users. Because both the user consent (infobar) and notification mechanisms (system tray and persistent bubble) are in the browser, it’s isolated from website content and therefore much harder to be broken by malicious sites.”
It is not immediately clear how this new technology may affect those who use Chrome and other browsers. However, it does seem to raise some valid concerns.
Tip: If you are concerned about your browser privacy while searching try ditching Google for DuckDuckGo. Using DuckDuckGo allows you to search completely free of most any privacy concerns.