New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 642549 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2016
Cc:
rnimmagadda@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature



Sign in to add a comment

Incognito/Privacy-mode data leak

Reported by abuse....@gmail.com, Aug 30 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36

Steps to reproduce the problem:
1. browse in private mode (incognito)
2. observe your activity made available to local windows processes

What is the expected behavior?
activity hidden

What went wrong?
Chrome is putting visited URLs and search terms etc into the "window title" and other elements of the browser which are accessible to tools running on the local machine like GetWindowText or equivalent

Did this work before? No 

Chrome version: 52.0.2743.116  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 22.0 r0

should be an easy fix?  Don't put *any* DOM into native controls when in private mode.

Comment 1 by rnimmagadda@chromium.org, Aug 31 2016

Cc: rnimmagadda@chromium.org
Components: UI>Browser>Incognito
Labels: Stability-Memory-LeakSanitizer M-53
Status: Untriaged (was: Unconfirmed)
Looks like a Feature Request.

Could someone from Dev team please look into this issue.

Thank you.

Comment 2 by rnimmagadda@chromium.org, Aug 31 2016

Labels: -Type-Bug Type-Feature

Comment 3 by battre@chromium.org, Aug 31 2016

Status: WontFix (was: Untriaged)
We cannot defend against a local attacker running software on your device. Assume we fixed capturing window titles. The attacker could still capture a video of your screen, the characters that you type, or the network traffic that leaves your machine. Sorry.

Sign in to add a comment