Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)

Posted by Soulskill on from the edge-cases-abound dept.

An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."

4 of 148 comments (clear)

  1. Re: Why does a web browser need GPU for basic by tysonedwards · · Score: 5, Insightful

    You mean using a graphics processing unit to process graphics? What level of weapons grade bullshit is this?

    --
    Thirty four characters live here.
  2. Re:They should just rename it PornMode by Austerity+Empowers · · Score: 4, Insightful

    There is value in using that mode for porn (although your IP address is still exposed, and it's unclear that anyone is going to understand why you were at LustyHotBabes.com for any non auto-erotic pursuits). But it is also incredibly useful for the times you want to visit a site that caches credentials locally or otherwise relies on client-side tracking, but you don't want that behavior. I do not like to leave data for gmail, facebook, linked-in etc. on my work machine, for example, I don't own it and IT can seize it at any time.

  3. Re:AMD Open Source Driver on Linux by The+MAZZTer · · Score: 4, Insightful

    Yeah. Your GPU was not designed with security of the information stored in it in mind. It was designed to play video games and a few other things, and it's not a big deal if a few of your game textures leak, if it means the GPU can be slightly faster at managing its memory. The responsibility should be Chrome's to clear out its GPU memory in incognito mode after it's done using it.

  4. The OS to blame? Don't think so... by gwolf · · Score: 4, Insightful

    The GPU memory is not handled by the OS, it runs on a separate piece of hardware, a full computer system if you allow, that does not run an OS by itself.

    The NUMA API for using nVidia cards for GPGPU operations is quite simple and straightforward; when requesting memory, it allocates a chunk; when releasing it, it's just marked as "not yours anymore". Due to the massive parallel programming model, there is even some *value* in not clearing it, as for algorithmic iterations sometimes you can save the cost of populating and freeing memory blocks if you know you will get the same pieces of RAM (or if it does not really matter, and each algorithmic pass can work exclusively on a given set of data until a certain point has reached — think i.e. symmetric encryption schemes).

    Due to every time more intelligent C compilers (and of course higher level constructs) we have got used to memory being zeroed out on assignation, but no AFAICT no standard mandates that. I would place the burden of cleaning the memory on the *initialization* of the new application. After all, be it pr0n or just random flipped bits, Diablo looks bad by starting with the display of digital noise.

    I don't think it should be *too much* of a concern for Chrome cleaning up before closing a tab. Yes, there is a certain thing about it being "incognito mode" that should be honored, and –as a special case– it *should* ensure to clean up its act. But the main fault I'd say is at Diablo.