Issue 605549 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Apr 2016
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug-Security
Via-Wizard allpublic

Incognito knows user's "Tab-To-Search" entries.

Reported by aletorr...@gmail.com, Apr 21 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

Steps to reproduce the problem:
1. Register a Tab-To-Search entry by visiting a compliant website.
2. Enter incognito mode.
3. Try to search into that website using the address bar.

What is the expected behavior?
It should not use those entries, because it can contain private user data. For example, a (probably poorly designed) website could register:

http://mywebsite.com/search?access_token=0123456789abcdef&text={searchTerms}

What went wrong?
Browser used those previous entries.

Did this work before? N/A 

Chrome version: 49.0.2623.87  Channel: n/a
OS Version: 
Flash Version: Shockwave Flash 21.0 r0

Comment 1 by vakh@chromium.org, Apr 22 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

Hello. Thanks for reporting this issue.
Your observation is totally correct, but we consider this working as intended.

Incognito mode is not a "do not track” mode, and it does not hide aspects of the user's identity from web sites.
Chrome does offer a Do Not Track option, distinct from Incognito mode: chrome://settings/search#privacy

For more details on the Incognito mode, I'd encourage you to read the following pages:
1. https://support.google.com/chrome/bin/answer.py?hl=en&answer=95464&p=cpn_incognito
2. https://www.chromium.org/Home/chromium-security/security-faq#TOC-What-are-the-security-and-privacy-guarantees-of-Incognito-mode-

Project Member

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

►

Issue 605549 link

Issue metadata

Incognito knows user's "Tab-To-Search" entries.

Issue description

Comment 1 by vakh@chromium.org, Apr 22 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Oct 1 2016

Comment 2 Deleted

Comment 3 by sheriffbot@chromium.org, Oct 2 2016

Comment 3 Deleted

Comment 4 by mbarbe...@chromium.org, Oct 2 2016

Comment 4 Deleted

Sign in to add a comment