Chrome's latest update, which added support for iOS 7, also included a significant flaw that was discovered by design firm Parallax (via TechCrunch). When using the search or address bar in an Incognito window within the app, browsing history will be saved and shared with the standard Google.com browser.


Google’s Incognito mode is designed to keep searches for sensitive information private, but as detailed in the video, searches will be displayed when the standard Google.com browser is accessed. The flaw can be replicated with the following steps:

- Open an Incognito window
- Enter a search term in the address bar and hit enter
- Open a non-Incognito window
- Navigate to Google.com
- Tap the search box on the page to see Incognito searches

TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note, which does address the issue.

On Chrome for iOS, due to platform limitation regular and incognito* tabs share HTML5 local storage, which is typically used by sites to store files on your device (client-side caching) or to provide offline functionality. This means the same sites can always access their data in this storage in both regular and incognito* tabs. Incognito* tabs will still keep browsing history and cookies separate from regular tabs, which are cleared once those tabs are closed.

Apple’s default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.

Top Rated Comments

Rocco83 Avatar
Rocco83
145 months ago
Hey everyone, Google here. We screwed something up in our browser. Apple's fault, not it!
Score: 8 Votes (Like | Disagree)
seamer Avatar
seamer
145 months ago
I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.
Score: 6 Votes (Like | Disagree)
willdude Avatar
willdude
145 months ago
I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.

Indeed, this would seem to be exactly the case, since Apple doesn't let third-party apps restrict HTML5 local storage, which is what Google and other sites use for this search history.

It's also been like this since at least iOS 6, so it's weird that it's suddenly getting all this coverage.
Score: 3 Votes (Like | Disagree)
PracticalMac Avatar
PracticalMac
145 months ago


TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note (https://support.google.com/chrome/answer/95464?hl=en), which does address the issue. Apple's default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.
Someone is dropping the ball.
Score: 3 Votes (Like | Disagree)
bacaramac Avatar
bacaramac
145 months ago
Guess I don't see the big draw to not use iOS Safari. I think it works rather well . Guess it provides benefits to some, but I see no reason to stray from built in apps if you don't have to.
Score: 2 Votes (Like | Disagree)
redscull Avatar
redscull
145 months ago
Google is flat out full of bologna. This is their bug, irrefutably.

Sure, it's true that local storage is shared between incognito and normal modes, but it's also trivial to prefix all your storage keys with "incognito-" while reading/writing in incognito mode, and ensuring that normal mode never reads/writes storage keys prefixed with "incognito-".

Would your sensitive data still be on your system? Yeah, chrome would have to periodically clear all "incognito-" prefixed keys' values to resolve that. But at least these sensitive values would never be displayed via the browser. Only a data miner with access to your file system could get at them.

This kind of fix could be performed by a novice engineer. It is an embarrassing bug, not Apple's fault. Not unavoidable.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
Read Full Article117 comments
airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Read Full Article96 comments
Magic Mouse Next to Keyboard

No, Apple CEO Tim Cook Didn't Say He Prefers Logitech's MX Master 3 Over the Magic Mouse

Sunday November 17, 2024 3:03 pm PST by
While the Logitech MX Master 3 is a terrific mouse for the Mac, reports claiming that Apple CEO Tim Cook prefers that mouse over the Magic Mouse are false. The Wall Street Journal last month published an interview with Cook, in which he said he uses every Apple product every day. Soon after, The Verge's Wes Davis attempted to replicate using every Apple product in a single day. During that...
Read Full Article327 comments
Generic iOS 18 Feature Real Mock

Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes

Tuesday November 19, 2024 10:10 am PST by
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
Read Full Article28 comments
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
Read Full Article89 comments
iPhone 17 Slim Feature Single Camera 1 Redux

'iPhone 17 Air' Rumored to Surpass iPhone 6 as Thinnest iPhone Ever

Monday November 18, 2024 1:07 pm PST by
In a research note with Hong Kong-based investment bank Haitong today, obtained by MacRumors, Apple analyst Jeff Pu said he agrees with a recent rumor claiming that the so-called "iPhone 17 Air" will be around 6mm thick. "We agreed with the recent chatter of an 6mm thickness ultra-slim design of the iPhone 17 Slim model," he wrote. If that measurement proves to be accurate, there would be ...
Read Full Article155 comments
bug security vulnerability issue fix larry

Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities

Tuesday November 19, 2024 10:52 am PST by
The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices. With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted...
Read Full Article69 comments