Monday, August 20, 2018

Older versions of Chrome allow bugs to collect sensitive information via audio & video tags

Older versions of Chrome allow bugs to collect sensitive information via audio & video tags

Recently Masas, a security researcher working with Imperva stated, Google Chrome has a vulnerability due to audio and video tags on the browser. The root cause behind this issue is reportedly Chrome's rendering engine called Blink, which is the thing responsible for this behaviour of the concerned tags. A hacker could easily inject harmful codes into the tags to keep an eye on the responses generated to the requests made to the web domains, such as social media site like Facebook, Twitter, e.t.c.

The bug has the capability to monitor how the events generated are progressing. Based on this information, they can then ask questions about users. The most unfortunate aspect about this is the fact that these installed bugs have the potential to even fool the Cross-Origin Resource, which is a browser feature that forbids such activity to go on.
Moreover, this is not the only harm that could be generated out of this flaw.  There are several other scenarios where this could be "exploited". It is said that bad actors could "target corporate back-ends" with this.


However, the good news is that Google took notice of this issue and has fixed it in the latest Chrome's version, i.e. v68.0.3440.75.