Crashing Privacy: An Autopsy of a Web Browser's Leaked Crash Reports
Kiavash Satvat, Nitesh Saxena

TL;DR
This paper investigates privacy leaks in browser crash reporting systems by analyzing six years of crash data, shows that the reports expose sensitive information, and proposes a hotfix to mitigate privacy risks without hindering bug diagnosis.
Contribution
It uncovers significant privacy leaks in crash reports and introduces an easily integrable hotfix to remove sensitive data before report submission.
Findings
Over 20,000 sessions and token IDs exposed
Detected 600 passwords and 9,000 email addresses
Identified privacy risks in current crash reporting systems
Abstract
Harm to the privacy of users through data leakage is not an unknown issue; however, it has not been studied in the context of the crash reporting system. Automatic Crash Reporting Systems (ACRS) are used by applications to report information about the errors happening during a software failure. Although crash reports are valuable to diagnose errors, they may contain users' sensitive information. In this paper, we study such a privacy leakage vis-a-vis browsers' crash reporting systems. As a case study, we mine a dataset consisting of crash reports collected over the period of six years. Our analysis shows the presence of more than 20,000 sessions and token IDs, 600 passwords, 9,000 email addresses, an enormous amount of contact information, and other sensitive data. Our analysis sheds light on an important security and privacy issue in the current state-of-the-art browser crash…
Taxonomy
Topics: Advanced Malware Detection Techniques · User Authentication and Security Systems · Digital and Cyber Forensics
