Vulnerabilities in Chrome exist that could allow for a computer microphone to be turned on just by passing through a malicious website – but Google has not done anything about it in the four months since Tal Ater, a web developer, reported on it.

In September 2013, Ater discovered the bugs while working on annyang, a program that allows visitors to navigate websites using voice commands. Ater reported his findings to Google and, in less than a week, the internet company identified the issue and wrote a fix.

But that fix was never applied.

Google is currently awaiting a response from its Standards group on the best course of action to take, according to Ater, who released the source code for the exploits and explained the issue works using hidden pop-under windows.