[Owasp-singapore] [security-77] Findings on Google Chrome/Chromium "Incognito" mode

Wong Onn Chee ocwong at usa.net
Mon Dec 21 03:37:20 EST 2009


Hi Anton,

Thanks for sharing too. :-)

The version of Chromium I am using is
chromium-4.0.252.0-0.1.20091119svn32498.fc12.i686
As you can see, the Chromium package I tested was built for Fedora 12.
It looks like an older version compared to yours, so maybe your version
has resolved this.

Nevertheless, you can do this test.

1) Delete the suggested files
2) Launch Chromium in incognito mode
3) Check whether the files are created and note down their default sizes
4) Start browsing
5) Close Chromium
6) Check whether the files created in Point 3 grow in size.

(A number of the files are SQLite v3 files.)

If the files do not grow in size at Pt 6, I think you can assume that
your web history is not archived.
Nevertheless, it should not hurt you if you wish to wipe these files
too. ;-)

Cheers
Onn Chee


On 12/21/2009 04:00 PM, anton_kg wrote:
> I've run "grep" recursively in the pointed directories and could not
> find any traces of websites I browsed in the incognito mode. How did
> you find it?
> It's better to open a bug report and fix it permanently if it's really true.
>
> ps. chromium 4.0.266.0_p33995
>
>
> 2009/12/21 Wong Onn Chee <ocwong at usa.net>:
>   
>> Hi folks,
>>
>> I believe all of you know that Chrome/Chromium comes with the "Incognito"
>> window which purportedly allows private browsing.
>>
>> While testing the Chrome/Chromium browser on Linux, I discovered that
>> browsing history, even when Incognito mode is enabled, does get stored in
>> your local machine.
>>
>> These are the files you need to wipe to ensure 100% privacy:
>>
>> Chrome
>>
>> Under your /home/<username>/.config/google-chrome/Default folder, remove
>>
>> Archived*
>> Cookies
>> Current*
>> History*
>> Last*
>> Thumbnails
>> Visited*
>> Web*
>>
>> Chromium
>>
>> Under your /home/<username>/.config/chromium/Default folder, remove
>>
>> Archived*
>> Cookies
>> Current*
>> History*
>> Last*
>> Thumbnails
>> Visited*
>> Web*
>> Local Storage/*
>>
>> To the best of my knowledge, there is no impact when the above files are
>> deleted as the Chrome/Chromium browser will re-create these files.
>>
>> Recommend to use secure wipe commands to delete such files to really leave
>> no trail of your web history.
>>
>>
>> Have a safe Merry Christmas and Happy New Year!
>>
>> Cheers
>> Onn Chee
>>



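Steps 3 and 6 of the test described in the message above, as an added shell example that is not part of the original thread: it records the size of each listed profile file and reports the ones that are new or larger afterwards. The file patterns are the ones from the post; the script name `incognito-check.sh` and the `.tsv` file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. File patterns are the ones
# listed in the post; script and snapshot file names are hypothetical.
# Usage:
#   sh incognito-check.sh snapshot ~/.config/chromium/Default > before.tsv
#   (browse in incognito mode, close the browser)
#   sh incognito-check.sh snapshot ~/.config/chromium/Default > after.tsv
#   sh incognito-check.sh grown before.tsv after.tsv
PATTERNS='Archived* Cookies Current* History* Last* Thumbnails Visited* Web*'

# snapshot PROFILE_DIR: print "size<TAB>path" for every listed file that exists.
snapshot() {
    (
        cd "$1" || exit 1
        # Unquoted on purpose: split into patterns, then glob inside the profile.
        for f in $PATTERNS; do
            [ -f "$f" ] && printf '%s\t%s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
        done
        # "Local Storage/*" from the Chromium list: one entry per file.
        if [ -d "Local Storage" ]; then
            find "Local Storage" -type f | while IFS= read -r f; do
                printf '%s\t%s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
            done
        fi
    ) | LC_ALL=C sort -t "$(printf '\t')" -k 2
}

# grown BEFORE AFTER: print "new<TAB>path" or "grew<TAB>path" for each file
# that appeared or got larger between the two snapshots.
grown() {
    awk -F '\t' '
        FILENAME == ARGV[1]     { before[$2] = $1; next }
        !($2 in before)         { print "new\t" $2; next }
        $1 + 0 > before[$2] + 0 { print "grew\t" $2 }
    ' "$1" "$2"
}

# Run a function when called as: sh incognito-check.sh <function> <args...>
case "${1:-}" in
    snapshot|grown) "$@" ;;
esac
```

Size is the criterion the message uses; an SQLite file can be rewritten without growing, so comparing a checksum of each file as well would also catch in-place changes.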