Google, Chrome, WebVR,

You open Chrome in incognito mode, for obvious reasons, and think all your history remains a mystery to other users on the computer. But, thanks to a new bug on Mac the content you browsed incognito is available for all users to see.

The bug in question has affected the Nvidia graphics cards on Mac computers. A University of Toronto engineering student, Evan Andersen happened to discover this bug one fine day. After having watched porn in incognito mode, Andersen thought the browsing history was untraceable. But when he launched Diablo, suddenly the tabs he opened while incognito appeared in front of his eyes.

The discovery of this bug left Nvidia blaming Apple, because after all the bug was on Mac. It is speculated that the bug does not affect just Chrome in incognito mode, but every activity that appears on screen. Anderson determined that the cause of the bug lay in Nvidia’s GPU drivers. He stated

GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.

This has promoted Nvidia to respond, and the company has switched blames on Apple according to Venture beat. Nvidia stated that “This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers. The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications.”

Anderson states that this bug has the potential to spy on any computers and on any user activity. The bug can be easily exploited by non-root users to spy on each other. This bug does not require access to internet or a network to work. Any person using the infected computer can know what the previous user was doing.

The bug is still being handled by Nvidia and the cause is being determined. Andersen states that even though he has submitted the bug to Nvidia and Google two years ago, the bug still looms at large. He added that

Nvidia acknowledged the problem, but as of January 2016 it has not been fixed. Google marked the bug as won’t fix because google chrome incognito mode is apparently not designed to protect you against other users on the same computer.

Nvidia has finally responded after Anderson made this issue public. The company stated that it cannot fix the bug, because of certain rules determined OS X. The Windows computers have till now remained unaffected by the bug.

Leave a Reply

Your email address will not be published. Required fields are marked *