Information Security
web-browser password-management browser-extensions screen-capture
Updated Wed, 21 Sep 2022 22:41:23 GMT

Credential theft by browser conferencing software?


While using the webex conference software, I noticed that simply pressing a "share content" button allows me to share my full screen. There was no security confirmation from my webbrowser (chrome): enter image description here

I am very reluctant to installing extensions and use essentially a plain webbrowser.

As someone who has applications as online banking and password managers open all the times (although these often mask passwords, but still show a lot of confidential information) I am very alarmed about this.

I do not see how this feature is working or why the browser should be allowed to access screen content. Is there a way to disable this or at least pop up a confirmation? And is there a general way to secure some applications from being screen captured?




Solution

it will be much easier for you to switch to another desktop (all modern OS support multiple desktop). and start a clean session there when you are on a conf call. this way you will not accidentally switch to another app/window that can reveal confidential information.





Comments (3)

  • +0 – Sorry if the question was not clear enough, my fear is rather that the browser has the ability, without asking, to transmit the image of a full screen or apps. And that some sites may abuse this to obtain private information, rather than leaking anything by accident. — May 13, 2020 at 09:43  
  • +0 – I thin that is mainly because of the browser extension of webex ! otherwise if they are using the native browser API you will get a confirmation box ! — May 13, 2020 at 10:03  
  • +0 – I just checked and really found a "Hangouts" extension. I do not recall installing it but you are right, thanks. — May 13, 2020 at 10:11  


External Links

External links referenced by this document: