|Issue 601951||Android keyboard suggestions leak information typed in incognito window|
|Starred by 3 users||Reported by firstname.lastname@example.org, Apr 8 2016||Back to list|
Steps to reproduce the problem: 1. Type a specific string in an incognito window frequently (e.g. an acronym in a url) 2. Observe that when typing similar strings outside of Chrome (e.g. in hangouts) the string from the incognito window is suggested as a correction. What is the expected behavior? Any information typed in incognito mode should not go into the keyboard's dictionary or suggestion model What went wrong? The sensitive content typed in incognito windows was suggested outside of incognito window context. This shows that the information is available outside of incognito mode, and opens the potential for a user to accidentally leak something they'd like to be private. Did this work before? N/A Chrome version: 49.0.2623.105 Channel: stable OS Version: 6.0.1 Flash Version: This really might be more accurately characterized as a privacy bug, but crbug didn't have an option, so I selected "Security" out of the assumption that the chrome security team will know how to route this to an appropriate privacy team.
Apr 8 2016,
"crbug didn't have an option for privacy bugs", that is. (No radio button for it in the form.)
Apr 9 2016,
Apr 11 2016,
Just FYI: Here is a similar request for Chromium OS in Issue 311180.
Apr 13 2016,
A feature request for incognito support for the Android keyboard APIs is tracked at b/28157942.
Jun 3 2016,
|► Sign in to add a comment|