A fairly new vulnerability in Chrome exposes how photos can be taken of unsuspecting users.
Adobe Flash player can be utilized to work with your microphone and web cam but, it must require the user’s permission in advance. It turns out in Chrome it’s possible to put an image over this security notice, masking it.
Users still have to click the “allow” button, so an overlaying image still requires some kind of interaction – in the screenshot below (Provided by Kaspersky), it’s the play button.
This could be of utilized for identity theft. Furthermore, it’s possible to turn on a microphone in the same way and it will not make any noticeable effects, allowing criminals to record without the users knowledge.