Crashing Privacy: An Autopsy of a Web Browser's Leaked Crash Reports

Harm to the privacy of users through data leakage is not an unknown issue, however, it has not been studied in the context of the crash reporting system. Automatic Crash Reporting Systems (ACRS) are used by applications to report information about the errors happening during a software failure. Although crash reports are valuable to diagnose errors, they may contain users' sensitive information. In this paper, we study such a privacy leakage vis-a-vis browsers' crash reporting systems. As a case study, we mine a dataset consisting of crash reports collected over the period of six years. Our analysis shows the presence of more than 20,000 sessions and token IDs, 600 passwords, 9,000 email addresses, an enormous amount of contact information, and other sensitive data. Our analysis sheds light on an important security and privacy issue in the current state-of-the-art browser crash reporting systems. Further, we propose a hotfix to enhance users' privacy and security in ACRS by removing sensitive data from the crash report prior to submit the report to the server. Our proposed hotfix can be easily integrated into the current implementation of ACRS and has no impact on the process of fixing bugs while maintaining the reports' readability.