As per https://dev.chromium.org/Home/chromium-security/security-faq, this is not considered a Security Bug, but a Privacy one, changing the relevant labels.

Thanks for the report. I believe this had been reported before, but I can't find that bug, so we can just use this one.

It is often difficult for us to prevent the OS from saving some information about the user's activity, but we do try to be defensive; and this particular case seems pretty solvable.

For example, stripping or masking URLs in logs that come from the Incognito mode should not harm the usability of logs much, but would address this issue. It would be difficult to tell for each call of LOG() whether it pertains to Incognito or the regular mode. However, we can do e.g. the following: If an Incognito window is open, LOG() will run an additional check where the logged string is regex-matched for something that looks like an URL. If a URL is found, it is compared against those that are open in Incognito tabs. If it matches, we will strip it.

rhalavati@: Adding this to your plate.

No need for tight view restrictions.

Thanks for consideration, 
Kindly acknowledge my work. 

Regards
M Asim 
Bangash.asim@hotmail.com

How?

The title does not exactly match, but the discussion in that bug has reached the conclusion to do a Chrome wide policy for notifications in incognito. Please see comment 26...

Kindly, Refer comment 26.

Sorry, but I don't get what you meant by last comment. Are you stating that this is a different problem and requires a separate bug?

I was wrong, the two bugs are different.
Moving back to assigned status.

Ok, Thanks

I think it would great if we could sanitize logs from incognito but I don't understand how another app would be able to get access to Chrome logs. Apps should not be able to read logs since Jelly Bean, which is also the minimum supported Android version of Chrome.

https://android.gadgethacks.com/how-to/android-basics-capture-logcat-for-detailed-bug-reports-0167774/ kindly check this.

The article describes using ADB and eLogcat. Only eLogcat is an App and the article mentiones that it requires a rooted phone. 
What do you mean with "applications"? Do you mean Android apps or applications running on the device your phone is connected to?

Android apps having root access, 

Apps on other device can acess via adb. 

Hi Muhammad,

I tried to reproduce the bug on Nexus 7, Chrome 66.0.3359.126, from Linux as follows:

1- I ran adb logcat > ~/Desktop/android_log.txt
2- Opened Chrome.
3- Went to BBC.COM in regular mode.
4- Opened incognito.
5- Went to  www.olx.com in incognito.
6- Went to  www.hotmail.com in incognito.
7- Closed Incognito.
8- Went to Aljazeera.com in regular mode.
9- Stopped ADB.

I searched the log, BBC and Aljazeera were in the log, but olx, hotmail, and CNN were not.

Do you have any suggestions on were I am wrong?

Typo: Nexus 6P, Android 8.1

I close the back based on lack of reproduciblity and feedback.

Will open again if evidence was found.