Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)

Posted by Soulskill on from the edge-cases-abound dept.

An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."

3 of 148 comments (clear)

  1. AMD Open Source Driver on Linux by grumbel · · Score: 4, Informative

    The AMD Open Source Driver on Linux do the same thing. It's not really a new or spectacular bug, graphics cards and drivers have done that stuff for quite a long while. Once there was also a fun bug that would make large texts in Firefox 'bleed' into the desktop background image, so it wasn't just showing old content, but actively manipulating content of another application.

  2. Re: Performance Hits? by Delwin · · Score: 4, Informative

    The performance hit is real - and without custom silicon it's quite expensive. This bit me on the ass recently on a GPGPU project I was working because the amount of time taken to clear the buffer before use was about 10x the amount of time to actually do the computation.

  3. Re:They should just rename it PornMode by Anonymous Coward · · Score: 3, Informative

    Use it to browse sites that need cookies to work, but then use them to fix or mess with prices against you. Like airline sites and travel search engines that will sometimes raise prices if you search from a browser with the same cookies.

    Use it to follow links you don't want messing with other tracked histories. You see an article on weird stuff for sale but don't want Amazon or other sites suggesting related stuff every time you visit in the future?

    Having trouble with sites that stupidly use cookies to track login attempts, either because you don't quite remember your password or because of connection problems requiring you to login too frequently? Or similarly to visit sites that try to only work a certain number of times before requiring a fee, but also restrict their tracking of visit count to cookies.

    It is basically an easy way to pre-emptively stop cookies from remembering things for a particular session, instead of having to clean-up things afterwards.