Tech blogger Evan Andersen said that he was shocked to see porn that he had been watching earlier appear on his screen when he launched Diablo III. To make matters worse the game temporarily froze as it launched, preventing any attempt to clear the screen.
Admitting the comedy of the moment, Anderson wondered how on earth his computer remembered those images when he browsed using Chrome’s incognito mode.
After doing some searching he found a bug in Nvidia’s GPU drivers. Apparently GPU memory is not erased before giving it to an application which allows the contents of one application to leak into another.
While the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Diablo should have cleaned the buffer itself but it didn’t and the result was that the old incognito window was put on the screen again.
Anderson was able to reproduce the bug writing a program to scan GPU memory for non-zero pixels. It was able to reproduce a pages from the past.
“Of course, it doesn’t always work perfectly, sometimes the images are rearranged. I think it has something to do with the page size of memory on a GPU,” he said.
Basically though it allows non-root users to spy on each other and it can happen purely by accident. Anyone using a shared computer could be exposing anything displayed on their screen to other users of the computer.
It should be super easy to fix right? A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application.
But Anderson told Nvida and Google about the bug two years ago. Nvidia acknowledged the problem, but hadn’t Google marked the bug as won’t fix because google chrome incognito mode is apparently not designed to protect you against other users on the same computer.