Google Chrome may leak Incognito Mode data

Martin Brinkmann
Jan 11, 2016
Updated • Jan 14, 2016
Google Chrome

Private Browsing is a relatively new feature of most modern web browsers that serves two main purposes: using a separate browsing session while using the browser, and deleting local information when the separate session is terminated by the user.

Basically, it is an attempt to delete information about a browsing session so that users with access to the system don't know what a user did while using private browsing mode and to prevent the information of that session to be included with regular browsing data (e.g. suggestions when users type in the address bar).

The system is not perfect as it is only limited to the browser, and it does not take care of any online tracking that is taking place on top of that (something which often gets confused).

The DNS Cache for instance reveals the sites visited in private browsing mode unless users take extra precautions and clear it regularly as well.

Things are even worse for Chrome users under certain circumstances, as information from the browser's private browsing mode may leak after existing it.

Update: According to Nvidia, this is not a the company's fault but Apple's. According to a report on Venturebeat, the issue at hand is related to "memory management in the Apple OS, not Nvidia graphics drivers".

private browsing leak

A user reported an issue back in April 2015 stating that Chrome's Incognito Mode exposed porn that he viewed to family members.

He discovered this by accident when Diablo 3's loading screen displayed "some porn" that he had viewed earlier the day in Chrome's Incognito Mode. His family took a screenshot of the loading screen (showing the frontpage of a popular porn site that shares the first three characters with YouTube).

He found out that information were not erased in physical memory after exiting the private browsing mode, and that other applications could tap right into the information. Diablo 3 has a bug apparently that brought the leak to the front.

GPUs don't respect process boundaries - physical memory is NOT zeroed when it is passed to a new process. When you close an incognito window, all GPU assets (framebuffer, textures, etc) are left sitting in VRAM. Later, another application can create a new buffer on the GPU and find it filled with the previous incognito window contents.

Not only did he write a program to verify the claim, he provided Google with a suggestion on how to fix it as well.

Draw black into every graphic asset and texture before freeing it (stuff still leaks on a crash, but without patching the gpu driver you can't fix that).

Google's reaction to the revelation was a swift "Wont Fix" and an explanation that puts the browser's private browsing mode into question as a whole.

Incognito does not provide guarantees for hiding browsing on a shared computer. (Someone who could see the shared memory could also install a keylogger, etc. on your computer.)

While Google is right that someone with access to shared memory or even the computer as a whole could use other means to find out about another user's private browsing activities, it is clear that the leak itself requires nothing more than running Diablo 3 or another program with a bug to reveal the information.

The issue came back to light yesterday only after being ignored for months, and there is a chance that Google will reopen the bug as several members of Chrome's gpu team were notified about it.

It is unclear at this point in time whether other browsers, Firefox or Internet Explorer, leak similar information under certain circumstances, or if they have safeguards like the one suggested by the usre who discovered the issue to prevent these type of leaks. (via Betanews)

Google Chrome may leak Incognito Mode data
Article Name
Google Chrome may leak Incognito Mode data
Google Chrome may leak data from Incognito Mode (private browsing) sessions under certain circumstances.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. kubrick. said on August 9, 2016 at 12:50 am

    Hilarious article.
    if people are so concerned about their info then chrome is the last browser to be using.

  2. Anonymous said on July 31, 2016 at 11:57 am

    i have found recently that many times, chrome is supposed to be incognito, it isnt.
    i discovered that after a browsing session, i went to open chrome in incognito mode..right clicking the icon and seen my previous history. i opened it regular way and found it had kept all my previous session info.
    i have checked this again and again, it is happening nearly 50% of the time it is supposed to be ‘incognito’ mode.
    i wrote to chrome support, received the usual non-answer.
    i have never trusted chrome, or for that matter most things ‘internet’ but this is the last straw. bye bye chrome n google.

  3. Wacky said on June 28, 2016 at 8:50 pm

    There is a video demonstrating another leak from Chrome incognito mode in iOS:

  4. toad said on January 12, 2016 at 8:39 pm

    I wonder if it would be a good workaround to use Chrome in Linux through virtualbox as the incognito session.

  5. Prime said on January 12, 2016 at 1:44 am

    A simple way to disable this bug yourself would be to go into Chrome’s settings and disable hardware acceleration while in Incognito mode.

  6. Decent60 said on January 12, 2016 at 12:41 am

    A bigger question would be: Does all “Private Viewing” features on all browsers do that or was it only Chrome that happens to leave those traces?

    I tried to reproduce the issue to test that on other browsers, however, the program he attached to reveal it….well….I’m not too sure how to proceed with it. So a bit of research is going to be taken as to how to do it lol.

  7. D. said on January 11, 2016 at 7:21 pm

    I was going to go get a late lunch but after reading Pants comment I think I will go back to work…Lol.

  8. D. said on January 11, 2016 at 5:43 pm

    I would not trust Incognito Mode in any browser, I’m sorry! If you want to turn it on fine, but I would still use a cleaner behind it though especially with family using the same computer. We all might not have as a forgiving family…smiles.

    1. Martin Brinkmann said on January 11, 2016 at 5:58 pm

      Especially with family using the same user account, which is really bad on several levels.

      1. Pants said on January 11, 2016 at 6:05 pm

        No one .. and I mean NO ONE .. will ever know I watch hairy midget goat porn … oh wait! Damnit

      2. Martin Brinkmann said on January 11, 2016 at 6:07 pm

        That sounds like an awful fetish ;)

  9. TekWarfare said on January 11, 2016 at 2:43 pm

    How embarrassing. I mean, imagine finding out that your Son plays Diablo 3.

    On a serious note though, I really can’t trust a browser made by a company that own the most powerful web crawler and sell information. Incognito mode or not, you should never feel safe using such a browser. I’ve been using Firefox Nightly for months and it’s been great, heck, far better than Chrome in many respects. Only niggles would be poor full-screen Twitch performance and it feels slightly laggy by comparison. For real though, y’all should start using Firefox.

    1. Celtic_God said on January 12, 2016 at 12:47 pm

      Firefox is no solution for me. I want customization and no Chrome look-a-like. And as i do not use anyway hardware acceleration i feel perfectly fine with Vivaldi Browser.

  10. HAH! said on January 11, 2016 at 2:18 pm

    That’s what you get for watching p0rn using Chrome

    1. Andrew said on January 11, 2016 at 6:11 pm

      in comparison to what?

      1. Decent60 said on January 12, 2016 at 12:32 am

        Neighbors window works nicely…..I mean…not like I would do a thing like that…..Oh look! Squirrel!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.