If you use Google Chrome’s incognito mode to hide what you browse (ahem, porn), this might pique your interest. University of Toronto engineering student Evan Andersen discovered a bug that affects Nvidia graphics cards, exposing content that you thought would be for your eyes only. And because this only happens on Macs, Nvidia is pointing the finger at Apple.
Andersen made the discovery when he launched Diablo III and was shown pornography that he had been looking at hours earlier. Chrome may have kept its promise of not keeping track of the websites being visited, but that wasn’t enough. He grabbed a screenshot, censoring the naughty images with red boxes:
Like many people, Andersen was using incognito mode to hide content from friends and family using the same computer. Fortunately, he was still the one using the Mac when the bug first occurred. But this bug isn’t limited to just Chrome’s incognito mode — anything that appears on your screen is up for grabs.
After some investigation, Andersen concluded that a bug in Nvidia’s GPU drivers was the cause:
GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.
But this isn’t Nvidia’s fault. At least, according to Nvidia.
“This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers,” an Nvidia spokesperson told VentureBeat. “The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications.”
Andersen wrote a program to reliably reproduce the bug by scanning the GPU’s memory for non-zero pixels. The tool was able to reproduce a Reddit page closed on another user account, down to each and every pixel.
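To make the failure mode and its two possible fixes concrete, here is an added toy model in C (not Andersen’s tool and not any Nvidia or Apple code): a framebuffer pool that hands freed buffers straight to the next requester. The leak disappears either when the “driver” scrubs a buffer on release (what Nvidia says Windows does) or when the application clears the buffer it is given (what Andersen says Diablo should do). `fb_acquire`, `fb_release`, `leaked_pixels`, the pool size and the pixel count are all invented for the demo.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

#define FB_PIXELS 16   /* tiny "framebuffer" for the demo (constructed size) */
#define POOL_SLOTS 2

typedef struct { uint32_t px[FB_PIXELS]; bool in_use; } framebuffer_t;
static framebuffer_t pool[POOL_SLOTS];

/* Policy knob: does the "driver" scrub a buffer when it returns to the pool? */
static bool clear_on_release = false;

/* Hand out the first free slot, exactly as the article describes: no clearing. */
framebuffer_t *fb_acquire(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = true; return &pool[i]; }
    return NULL;
}

/* Return a buffer to the pool, scrubbing it only if the policy says so. */
void fb_release(framebuffer_t *fb) {
    if (clear_on_release) memset(fb->px, 0, sizeof fb->px);
    fb->in_use = false;
}

/* Replay the scenario: a window draws, closes, and a game gets the same slot.
   Returns how many of the old window's pixels the game can see without drawing. */
int leaked_pixels(bool scrub_on_release, bool app_clears_on_acquire) {
    memset(pool, 0, sizeof pool);
    clear_on_release = scrub_on_release;
    framebuffer_t *window = fb_acquire();            /* "incognito window" draws */
    for (int i = 0; i < FB_PIXELS; i++) window->px[i] = 0xFFAABBCC; /* constructed pixel */
    fb_release(window);                              /* window closed */
    framebuffer_t *game = fb_acquire();              /* "Diablo" is given the same slot */
    if (app_clears_on_acquire) memset(game->px, 0, sizeof game->px);
    int leaked = 0;
    for (int i = 0; i < FB_PIXELS; i++) if (game->px[i] != 0) leaked++;
    fb_release(game);
    return leaked;
}

int main(void) {
    printf("no scrub, app does not clear: %d leaked\n", leaked_pixels(false, false));
    printf("driver scrubs on release:     %d leaked\n", leaked_pixels(true, false));
    printf("app clears on acquire:        %d leaked\n", leaked_pixels(false, true));
    return 0;
}
```

Either mitigation alone stops the leak; the article’s situation is the case where neither side does the clearing.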
The engineering student considers this to be “a serious problem” because “non-root users can spy on each other,” even by accident. While he has demonstrated that this is certainly true, it’s worth keeping in mind a rule of thumb in security: If you have physical access to the device, all bets are off. In other words, this bug isn’t being exploited over a network or the Internet, but in person.
That said, the issue should still be fixed. Andersen claims he submitted the bug to both Nvidia and Google two years ago. Neither company was particularly concerned:
Nvidia acknowledged the problem, but as of January 2016 it has not been fixed. Google marked the bug as won’t fix because Google Chrome incognito mode is apparently not designed to protect you against other users on the same computer (despite nearly everyone using it for that exact purpose).
But again, because Andersen brought this to the world’s attention this week, at least Nvidia has publicly responded. The hardware company says that this is an issue it can’t fix because of the rules set by OS X, noting that this is why the bug doesn’t occur on Windows.
In addition to contacting Nvidia, we also reached out to Apple and Google about this issue. The companies had not responded at the time of publication.
Update at 12:12 p.m. Pacific: Some Reddit users are reporting that this issue also occurs with AMD graphics cards, which lends support to the view that this is an OS X issue, not an Nvidia one.