Users often grant such permission considering its Chrome browser and maybe it’s harmless. Besides, nowadays, many websites ask for such permissions. Though Chrome has its own line of defense activated to prevent such recordings; there is still a slight chance of developers to exploit small UX manipulation to activate the MediaRecorder API without alerting the users. Thus, the recording may happen without users’ knowledge.
What exactly happens behind the scenes with Chrome Browser
Of course, granting access to audio or video on these devices also gives rise to further hazards such as exposing devices to vulnerabilities. However, to prevent such hazards the browsers developers created two barriers that should prevent or at least mitigate privacy violation. Following is the code that makes the Chrome browser to ask permission.
After getting the user general permission for video and audio usage, the developer get access to the stream of data from those devices. But in order to use this stream, the developer needs to record it. It is done by using MediaRecorder API.
However, as mentioned before, developers can do a small UX manipulation which can make MediaRecorder API work without sending any alert to the users. In this case, Chrome browser won’t have any visual indication that any sort of recording is happening.
Chrome has been made aware about this issue. Until this issue is acknowledged and resolved by Chrome, users are advised to be cautious about granting permissions online, says medium.com.