
Issue 645951


Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: DevTools Network Logging feature collects incognito mode visits

Reported by tim.steu...@gmail.com, Sep 12 2016

Issue description

VULNERABILITY DETAILS
In Chrome 53.0 I found a way to get information about sites that have been visited in incognito mode. Using chrome://net-internals/#events I can "record" every event that was captured in normal or incognito mode. All I have to do is open chrome://net-internals/ before the incognito session starts. Afterwards I can view the event history even if the incognito session has already been closed, because the events stay there as long as the tab stays open.
The events show URLs (GET parameters included) and HTTP headers. Cookies and POST data are not included here. Also, HTTPS-protected requests are recorded in plain text.
The Export function (chrome://net-internals/#export) also allows me to export the recorded data. Here I even have the option to not "Strip private information (cookies and credentials)". So I now even have the chance to hijack the users' sessions. A simple script could read the exported JSON data and extract all the sensitive information that I could use to generate a detailed profile of the visited sites or even hijack sessions.
I think such a functionality should not work in incognito mode or should at least give a message to the user.

PROOF OF CONCEPT
As a "proof of concept" I tricked a colleague into using my Chrome browser (while the incognito mode was on) to log in to his dropbox.com account (he wanted to share a file with me). Before he used the browser I opened chrome://net-internals/ in my normal browsing session. After he was done (he closed the incognito session) I exported the event data, searched for the session data and so was able to hijack his Dropbox account by setting the cookie data.

VERSION
Chrome Version: 53.0.2785.101 m + stable
Operating System: Windows 7 Enterprise with Service Pack 1

REPRODUCTION CASE
1. Open Chrome and visit chrome://net-internals/
2. Additionally open Chrome in incognito mode
3. Visit several Websites in incognito mode
4. Close all incognito tabs / exit incognito Chrome
5. Switch to the opened chrome://net-internals/ tab in the first opened Chrome instance
6. View events under chrome://net-internals/#events or export them using chrome://net-internals/#export. The event log also includes the sites visited during the incognito session.

Best regards
Tim Steufmehl
 
Summary: Security: DevTools Network Logging feature collects incognito mode visits (was: Security: Get details of in incognito mode visited sites)
If you have this level of access to the user's PC, you could simply run a keylogger or install a malicious extension and collect all of this data as well.

Please see https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model- for further details.

Comment 2 by wfh@chromium.org, Sep 12 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)
