Incognito Bug Reveals All Your Private Browsing Secrets

It seems that the private browsing (or ‘incognito mode’ on Google’s Chrome browser) may not be as private as many of us would like, as screenshots of your browsing habits could unexpectedly re-appear.

That’s according to University of Toronto student Evan Andersen, who found that Chrome’s incognito mode proved anything but that, after shots of an adult video he had viewed on YouPorn hours before reappeared on his screen as he loaded the video game Diablo III.

Leaking

Andersen said he believed that the fault is caused by a bug in the drivers used by Nvidia graphic cards, which fail to erase the GPU memory before launching another application.

“This allows the contents of one application to leak into another,” he wrote in a blog post detailing the flaw.

“When the Chrome incognito window was closed, it’s framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.”

Andersen backed up his theory by writing a program that scanned the GPU memory for non-zero pixels, which uncovered a Reddit page that he had had opened minutes before on one of his computer’s other user accounts.

This is especially worrying as it means the flaw could open up the possibility of exposing the habits of multiple users on a shared PC, even those who were not specifically targeted.

“It breaks the operating system’s user boundaries by allowing non-root users to spy on each other,” he wrote. “Additionally, it doesn’t need to be specifically exploited to harm users – it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer.”

Andersen says that he informed both Nvidia and Google about the bug two years ago, with the former apparently acknowledging that the bug exists, but has not yet created a fix.

However, Google has said that it will not address the bug, claiming that Chrome’s incognito mode is “not designed to protect you against other users on the same computer”.

And Nvidia says the issue is not related to any of its graphics drivers, but rather a fault in the memory management of the operating system running on Andersen’s PC.

“This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers,” the company told TechWeekEurope in a statement.

“The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected.”

“We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications.”

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

40 mins ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

3 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

4 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

5 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

21 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

22 hours ago