Be careful what you say when visiting voice-controlled websites on Google Chrome. Recently, a security expert discovered that malefactors could leverage the browser’s voice-recognition abilities to invade users’ privacy, but Google has yet to implement his recommended fix.
Tal Ater, the Israeli programmer behind the “annyang!” speech-recognition script for websites, discovered the vulnerability last September. He submitted a report through the proper Google channels, and received a response right away that engineers were addressing the issue.
However, even though Google has a solution ready, the company has yet to implement it.
The flaw is hardly a trivial one. Most sites that use voice recognition also use secure HTTPS servers. Since the sites are supposedly secure, Chrome does not need to ask permission every time the site wants to run voice-recognition software. Under ordinary circumstances, this is a convenient way for users to interact with their favorite sites, and eliminates a tedious step.
