Google Chrome May Leak Incognito Mode Data

I wish I could say that I was surprised to read this, but …

Private Browsing is a relatively new feature of most modern web browsers that serves two main purposes: running a separate browsing session inside the browser, and deleting the local traces of that session when the user ends it. Basically, it is an attempt to delete information about a browsing session so that other users with access to the system don't know what a user did while in private browsing mode, and to prevent information from that session from being mixed into regular browsing data (e.g. suggestions shown when users type in the address bar).

The system is not perfect, as it is limited to the browser itself and does nothing about online tracking that takes place on top of it (two things that are often confused).

The DNS Cache for instance reveals the sites visited in private browsing mode unless users take extra precautions and clear it regularly as well.

Things are even worse for Chrome users under certain circumstances, as information from the browser's private browsing mode may leak after exiting it.


A user reported an issue back in April 2015 stating that Chrome’s Incognito Mode exposed porn that he viewed to family members.

He discovered this by accident when Diablo 3's loading screen displayed "some porn" that he had viewed earlier that day in Chrome's Incognito Mode. His family took a screenshot of the loading screen (showing the front page of a popular porn site that shares its first three characters with YouTube).

He found out that the information was not erased from physical memory after exiting private browsing mode, and that other applications could read it straight from that memory. Diablo 3 apparently has a bug that brought the leak to light.

GPUs don’t respect process boundaries – physical memory is NOT zeroed when it is passed to a new process. When you close an incognito window, all GPU assets (framebuffer, textures, etc) are left sitting in VRAM. Later, another application can create a new buffer on the GPU and find it filled with the previous incognito window contents.

Not only did he write a program to verify the claim, he provided Google with a suggestion on how to fix it as well.

Draw black into every graphic asset and texture before freeing it (stuff still leaks on a crash, but without patching the gpu driver you can’t fix that).
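The two quotes above describe a memory-reuse problem and its mitigation. The following is an added example, not the reporter's verification program and not Chrome code: it models a VRAM-style pool allocator (constructed here, with the slot size and "private" pixel pattern chosen for illustration) that, like the GPU memory described, never clears a slot when it is freed or handed out again. `leaked_bytes(0)` shows how much of a freed "incognito" texture a later client receives; `leaked_bytes(1)` applies the suggested fix of drawing black into the asset before releasing it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy model of a VRAM pool (constructed for this example): a fixed arena
 * handed out in fixed-size slots which, like the GPU memory described in
 * the article, is NOT zeroed when a slot is freed or reallocated. */
#define SLOT_BYTES 64
#define SLOT_COUNT 4

typedef struct {
    uint8_t mem[SLOT_COUNT * SLOT_BYTES];
    int in_use[SLOT_COUNT];
} vram_pool;

static void pool_init(vram_pool *p) {
    memset(p->mem, 0, sizeof p->mem);      /* fresh hardware state, once */
    memset(p->in_use, 0, sizeof p->in_use);
}

/* Hands out the first free slot without clearing it (the leaky behaviour). */
static uint8_t *pool_alloc(vram_pool *p) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!p->in_use[i]) {
            p->in_use[i] = 1;
            return p->mem + (size_t)i * SLOT_BYTES;
        }
    }
    return NULL;
}

/* Plain free: marks the slot reusable and leaves its bytes intact. */
static void pool_free(vram_pool *p, uint8_t *slot) {
    p->in_use[(slot - p->mem) / SLOT_BYTES] = 0;
}

/* Mitigation from the bug report: overwrite the asset with "black" (0x00)
 * before releasing it. The volatile pointer keeps the compiler from
 * dropping the stores as dead writes to memory that is about to be freed. */
static void pool_free_scrubbed(vram_pool *p, uint8_t *slot) {
    volatile uint8_t *v = slot;
    for (size_t i = 0; i < SLOT_BYTES; i++) v[i] = 0x00;
    pool_free(p, slot);
}

/* Fill one "incognito" texture with a recognisable pattern, free it with or
 * without scrubbing, then let a second client (the game, in the article)
 * allocate and count how many bytes of the old pattern it receives. */
static size_t leaked_bytes(int scrub) {
    vram_pool pool;
    pool_init(&pool);

    uint8_t *texture = pool_alloc(&pool);
    memset(texture, 0xAB, SLOT_BYTES);      /* constructed "private" pixels */

    if (scrub) pool_free_scrubbed(&pool, texture);
    else       pool_free(&pool, texture);

    uint8_t *other = pool_alloc(&pool);     /* the next process's buffer */
    size_t n = 0;
    for (size_t i = 0; i < SLOT_BYTES; i++)
        if (other[i] == 0xAB) n++;
    return n;
}

int main(void) {
    printf("bytes of old texture visible without scrub: %zu\n", leaked_bytes(0));
    printf("bytes of old texture visible with scrub:    %zu\n", leaked_bytes(1));
    return 0;
}
```

The scrub runs on the normal release path only, which matches the reporter's caveat: if the process crashes before reaching it, the contents stay in the pool until the driver or hardware clears them.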

Google’s reaction to the revelation was a swift “Wont Fix” and an explanation that puts the browser’s private browsing mode into question as a whole.

Incognito does not provide guarantees for hiding browsing on a shared computer. (Someone who could see the shared memory could also install a keylogger, etc. on your computer.)

While Google is right that someone with access to shared memory or even the computer as a whole could use other means to find out about another user’s private browsing activities, it is clear that the leak itself requires nothing more than running Diablo 3 or another program with a bug to reveal the information.

The issue came back to light yesterday after being ignored for months, and there is a chance that Google will reopen the bug, as several members of Chrome's GPU team have been notified about it.

It is unclear at this point in time whether other browsers, such as Firefox or Internet Explorer, leak similar information under certain circumstances, or whether they have safeguards like the one suggested by the user who discovered the issue to prevent this type of leak. (via Betanews)
