Evan Andersen, a Canadian hacker has discovered a bug in the NVIDIA GeForce Graphics driver allowing to retrieve web pages that you have visited under incognito browsing mode in Google Chrome. According to Andersen when he discovered the bug at that time he was greeted by an adult entertainment video, which he watched a couple of hours early to go play more relaxed Diablo III.
Upon further investigation, Andersen found That when the Chrome incognito mode is closed, the frame buffer of the GPU is not cleared (the GPU memory) allowing the previous contents are filtered to other applications.
This is a serious problem. It breaks the operating system’s user boundaries by allowing non-root users to spy on each other. Additionally, it doesn’t need to be specifically exploited to harm users – it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer.
It’s a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It’s what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting
Andersen filed a bug report to both NVIDIA and Google in 2014. NVIDIA had acknowledged the problem, but still have not bothered to fix it. Google for STI part marked it as a mistake that will not solve, claiming the incognito mode is not designed to protect against other users on the same PC. That is why now with this news network run by Andersen is sure to finally fix the problem.