Beware: Google Chrome incognito porn searches exposed by Nvidia GPU driver bug
Do you use Google Chrome's Incognito Mode to make sure that other people who use your computer won't be able to tell what you were looking at online? Well, if you have an Nvidia graphics card in your computer, there's a chance that your privacy could be compromised.
When Evan Andersen, an electrical and computer engineering student at the University of Toronto, decided to load Diablo III – a graphics-intensive video game – on his Mac, the computer froze. Instead of Diablo III's loading screen, Andersen suddenly found himself looking at a porn website he had viewed hours before in a Chrome Incognito window.
Although Andersen closed the Incognito browser window after he was done accessing the porn website, a bug in Nvidia's GPU drivers meant that the video memory was not erased, even though the frame buffer used by the Chrome Incognito window was returned to the pool available to the Mac operating system.
So, when the Diablo III application requested its own frame buffer so that it could load the game, the Nvidia GPU issued the one that had been used by Chrome, and since it hadn't been erased, an image of the porn website appeared on the screen.
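The reuse described above, as an added illustration in C (not Nvidia's, Apple's, Google's or Andersen's code): a toy buffer pool reissues a released buffer with and without scrubbing it first. The names `fb_alloc`, `fb_release` and `second_app_sees_stale_data` and the sample contents are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define FB_SIZE 64      /* constructed: tiny stand-in for a frame buffer */
#define POOL_SLOTS 2

/* Toy pool standing in for video memory shared by all applications. */
static unsigned char pool[POOL_SLOTS][FB_SIZE];
static int in_use[POOL_SLOTS];

/* Hand out the first free slot; its contents are whatever the last owner left. */
unsigned char *fb_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Return a slot to the pool. With scrub == 0 the old pixels stay in memory. */
void fb_release(unsigned char *fb, int scrub) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool[i] == fb) {
            if (scrub) memset(pool[i], 0, FB_SIZE);
            in_use[i] = 0;
        }
}

/* One "private window" writes a buffer and releases it, then a second
   application allocates. Returns 1 if the second one can read the old data. */
int second_app_sees_stale_data(int scrub) {
    const char *secret = "private-window-pixels";   /* constructed sample */
    unsigned char *a = fb_alloc();
    if (!a) return -1;
    memcpy(a, secret, strlen(secret) + 1);
    fb_release(a, scrub);

    unsigned char *b = fb_alloc();   /* the same slot is reissued */
    if (!b) return -1;
    int leaked = memcmp(b, secret, strlen(secret)) == 0;
    fb_release(b, 1);                /* leave the pool clean for the next run */
    return leaked;
}

int main(void) {
    printf("release without scrub: leaked=%d\n", second_app_sees_stale_data(0));
    printf("release with scrub:    leaked=%d\n", second_app_sees_stale_data(1));
    return 0;
}
```

Whichever layer owns the pool, clearing a buffer on release or before it is reissued is what stops one application's pixels from reaching the next.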
It is interesting that the error was spotted on a Mac, given that Windows PCs are the usual culprit, but a commenter on Andersen's blog confirmed that he spotted the same behaviour back in 2012 on his PC, which was also outfitted with an Nvidia graphics card.
Nvidia acknowledged the bug, but hasn't fixed it
"This is a serious problem. It breaks the operating system's user boundaries by allowing non-root users to spy on each other. Additionally, it doesn't need to be specifically exploited to harm users – it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer," Andersen wrote in a blog post.
Andersen says that he reported the GPU bug he discovered to both Nvidia and Google in 2014. Although Nvidia acknowledged the bug, as of January 2016, it has still not been fixed. Meanwhile, Google apparently designated the bug as one it was not interested in fixing, because "Google Chrome Incognito Mode is apparently not designed to protect you against other users on the same computer (despite nearly everyone using it for that exact purpose)".
So should people even bother using Chrome's Incognito Mode anymore? When you open up an Incognito window, Google warns you that whatever you browse on the internet cannot be hidden from an employer (i.e. the system administrator), your internet service provider (who can see all your IP traffic as well), or the people who run the websites you visit.
Given that all the parties who could possibly get you into trouble with the authorities know exactly what you're accessing, there's clearly no anonymity there. The only possible reason you could have for using Incognito Mode would be to make sure that what you are browsing isn't stored in Chrome's browser history or search history, and that no cookies are stored – but that is only useful if you're afraid someone else will see the offending websites on your computer.
UPDATE: The article has been updated to reflect Nvidia's statement on the issue on 13 January.
Nvidia disputes Andersen's claims. A spokesperson told IBTimes UK: "This issue is related to memory management in the Apple OS, not Nvidia graphics drivers. The Nvidia driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications."