Regular citizens are getting a taste of what it's like to be a celebrity, in that the concept of privacy gets whittled away at every turn. Is the government spying on you? That probably depends on what you're doing in your spare time. Are you being watched? Better cover that webcam just to play it safe. Might someone on the opposite side of the world be listening to your conversation? It's possible, especially if you use Google's Chrome browser to surf the web.
According to Gizmodo, there's a security flaw in Chrome that could allow a nosy hacker to access your computer's microphone and keep it hot. For this to work, a malicious website has to get you to enable voice control, which it might attempt for any number of seemingly legitimate purposes, such as dictating text to a web app.
From there, the site fires off a pop-under window under the veil of a regular ad (or something else that may seem benign) to keep your microphone turned on. As long as the pop-under remains open, everything you say could be picked up by your PC's mic and transmitted over the web.
Gizmodo says there are a number of exploits at work here, and though you may feel safe knowing that Chrome's tabs now indicate when your microphone is running, a smaller banner window can listen without revealing itself.
As far as Google is concerned, this capability is a feature of Chrome, not a security hole.
"The security of our users is a top priority, and this feature was designed with security and privacy in mind. We've re-investigated and this is not eligible for a reward, since a user must first enable speech recognition for each site that requests it," Google explains. "The feature is in compliance with the current W3C specification, and we continue to work on improvements."
Should you be worried? Probably not, though you should be careful. Given that this requires the user to initiate Chrome's voice recognition feature and be fooled by a pop-under, this isn't cause for panic. However, it's yet another way your privacy is at risk.