Chrome Beta brings Security Alerts

Thursday, July 12, 2012 @ 01:07 PM gHale


It is tough when you unveil a beta version of a product and security warnings come out almost immediately, but that is what happened to Google.

The industry titan announced a beta version of its Chrome web browser in a blog post, but experts are already warning there could be a security issue.

RELATED STORIES
New Tool Shows Security Strength
Internet Facing Control System Alert
Utilities Under Daily Attack
Security Firm Finds Attack Signs

The Chrome Beta release grants web apps access to users’ web cams and microphones without a plugin through the Getusermedia application programming interface (API), a method that allows users to interact with HTML5 applications through video and audio devices.

“The Getusermedia API also allows sites to create cool new experiences that weren’t previously possible in the browser. For example, Romuald Quantin and Magnus Dahlstrand at Stinkdigital have created a Magic Xylophone that you can play just by waving your hands in front of the camera,” the blog post said.

However, the director of security research and communication at Trend Micro, Rik Ferguson said Getusermedia could be attractive to criminals.

“We have already seen both banking malware and of course targeted threats that make use of the video hardware of the victim through the installation of malware,” he said. “The criminal simply has to make a JavaScript that requests access to the video and/or audio hardware. Getusermedia does not rely on a local file being created and subsequently uploaded, but instead allows the broadcast of a live stream of audio or video, directly through a web page which increases the security concern.”

F-Secure security advisor Sean Sullivan also highlighted the risks in the Chrome Beta release.

“I’m not as worried about ‘hacking’ as I am things such as click-jacking. Webcam and voice controls must be clicked to enable,” he said. “One other nagging thought I’ve had is to wonder if Google is being very careful with the back end code. Imagine if you were to use voice search but somehow… the mic failed to stop recording and collected too much information — à la Google Street View.”

Regardless of the cautionary warnings, Google said Getusermedia is “the first big step for WebRTC”, a new real-time communications standard that aims to allow high-quality video and audio communication on the web.



Leave a Reply

You must be logged in to post a comment.