Many of us are aware of web browsers' private browsing capabilities, where the program does not record any of the websites visited. It could be useful if you want to stay anonymous, or if you want to buy a gift for a family member, or maybe witness some hot triple X action without your tracks being recorded.
While it does keep its promise of not remembering that website you visited, a glitch in a display driver exposed the nasty habits of a student online while on private mode, possibly causing some embarrassment to himself.
University of Toronto student Evan Andersen has discovered that his "incognito mode" session in Google Chrome reappeared, displaying a video on adult website YouPorn, after he loaded the game Diablo III. According to his recent blog post, instead of displaying the normal black screen before loading the game itself, the screen instead displayed a screenshot of Andersen's adult session, which according to him happened "hours" before launching the game.
Contemplating how this happened, Andersen finds the fault to be in the drivers in his computer's NVIDIA graphics card. He states:
So how did this happen? A bug in Nvidia’s GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, it’s framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of it’s own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.
In shorter and clearer terms, the computer's GPU memory, even after hours since watching the videos had still not deleted the old data. So upon launching Diablo III, the game reused the framebuffer previously used by Google Chrome, leading to a quite embarrassing situation.
To prove his theory, Andersen wrote a program that scans GPU memory for non-zero pixels, using a reddit page as a test page, which was able to reproduce the same problem.
He notes that the problem is very serious, not only to non-root users who could spy on each other, but also to anyone, by exposing anything on their screen to other users of a shared computer. For the moment, he has applied a patch that erases the GPU's memory before handing it over to the next application.
Lastly, Andersen claimed that he informed NVIDIA and Google of the problem more than two years ago. NVIDIA has since acknowledged the problem, but still hasn't released a fix, according to him. Google on the other hand, allegedly will not take any responsibility for the problem, as it stated that its Incognito mode feature is “not designed to protect you against other users on the same computer (despite nearly everyone using it for that exact purpose.)”
Source: Evan Andersen via HOTForSecurity | Image via Evan Andersen
54 Comments - Add comment