Issue metadata
Sign in to add a comment
|
Incognito mode data persistence caused by JavaScript headless popup
Reported by
bar...@gmail.com,
Mar 10 2018
|
||||||||||||||||||||||
Issue descriptionPRIVACY ISSUE Javascript headless popup window can be opened from the incognito mode and can cause session persistence even after all incognito mode closures. Javascript popup include localStorage data and also can be hidden, User can unwittingly close all tabs but not the headless window. VERSION Chrome Version: 64.0.3282.186 + stable. Operating System: Windows 10 REPRODUCTION STEPS 1. Open Incognito mode - https://codepen.io/barzik/pen/dmPeJx?editors=1010 for example. 2. Click the button several times. the JS opens javascript popup (in the demo it is visible). The counter is incremented by data that inserted to localStorage. 3. Close all incognito tabs. 4. Open new incognito tab. localStorage data is there. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by msramek@chromium.org
, Mar 12 2018Status: Duplicate (was: Untriaged)