Incognito Bug Reveals All Your Private Browsing Secrets

It seems that the private browsing (or ‘incognito mode’ on Google’s Chrome browser) may not be as private as many of us would like, as screenshots of your browsing habits could unexpectedly re-appear.

That’s according to University of Toronto student Evan Andersen, who found that Chrome’s incognito mode proved anything but that, after shots of an adult video he had viewed on YouPorn hours before reappeared on his screen as he loaded the video game Diablo III.

Leaking

Andersen said he believed that the fault is caused by a bug in the drivers used by Nvidia graphic cards, which fail to erase the GPU memory before launching another application.

“This allows the contents of one application to leak into another,” he wrote in a blog post detailing the flaw.

“When the Chrome incognito window was closed, it’s framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.”

Andersen backed up his theory by writing a program that scanned the GPU memory for non-zero pixels, which uncovered a Reddit page that he had had opened minutes before on one of his computer’s other user accounts.

This is especially worrying as it means the flaw could open up the possibility of exposing the habits of multiple users on a shared PC, even those who were not specifically targeted.

“It breaks the operating system’s user boundaries by allowing non-root users to spy on each other,” he wrote. “Additionally, it doesn’t need to be specifically exploited to harm users – it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer.”

Andersen says that he informed both Nvidia and Google about the bug two years ago, with the former apparently acknowledging that the bug exists, but has not yet created a fix.

However, Google has said that it will not address the bug, claiming that Chrome’s incognito mode is “not designed to protect you against other users on the same computer”.

And Nvidia says the issue is not related to any of its graphics drivers, but rather a fault in the memory management of the operating system running on Andersen’s PC.

“This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers,” the company told TechWeekEurope in a statement.

“The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected.”

“We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications.”

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

3 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

3 days ago