Temporary data caches cleared when user logs out or uninstalls
Why it matters
GDPR Art. 5(1)(e) requires personal data not be retained longer than necessary — cached session data that survives a logout or uninstall violates this principle. A user who logs out of an extension expecting their session to be cleared can still have their data re-accessed if the extension is re-opened without re-authentication. GDPR Art. 17 (right to erasure) is practically impossible to honor if cached data persists beyond logout. CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer) covers this failure. Uninstall handlers that do not clear extension storage leave personal data on the user's device indefinitely — often forgotten and never cleaned up.
Severity rationale
Low because data persistence after logout is a latent privacy risk rather than an immediate exfiltration — but it directly violates GDPR Art. 5(1)(e) storage limitation and makes Art. 17 erasure requests unenforceable.
Remediation
Implement a logout() function that clears all session state, and hook it to the extension's uninstall event:
    // In-memory session state held by the extension
    let currentUser = null;
    let sessionCache = {};

    function logout() {
      // Clear in-memory state
      currentUser = null;
      sessionCache = {};
      // Clear extension storage keys written during the session
      chrome.storage.local.remove(['authToken', 'sessionId', 'cachedProfile']);
    }

    // Clear on uninstall — chrome.runtime.setUninstallURL can trigger server-side cleanup
    // For local cleanup, use onSuspend in MV2 or alarm-based cleanup in MV3
    chrome.storage.local.get(null, (items) => {
      const sessionKeys = Object.keys(items).filter(k => k.startsWith('session_'));
      chrome.storage.local.remove(sessionKeys);
    });
Document which storage keys are session-scoped vs. persistent preferences, and ensure logout() targets only session keys to avoid destroying legitimate user settings on re-install.
Detection
- ID: cache-cleanup
- Severity: low
- What to look for: Examine the logout flow and uninstall handlers. Check whether temporary caches (in-memory state, sessionStorage, temporary IndexedDB tables, or chrome.storage.local session data) are cleared when the user logs out or the extension is uninstalled.
- Pass criteria: Count all storage keys written during a session. Logout must clear at least 100% of session-specific keys (in-memory caches and session storage). Uninstall handler clears all temporary data (optional: can keep preferences if user reinstalls, but session data should be cleared).
- Fail criteria: Logout does not clear cached data. Cache entries persist after logout and can be re-accessed. Uninstall does not trigger cleanup.
- Skip (N/A) when: The extension has no logout flow (no user accounts), or no temporary caches are maintained.
- Detail on fail: Example: "User logs out but authToken remains in chrome.storage.local, accessible if extension is used again" or "In-memory cache of user profile is not cleared on logout; private data persists."
- Remediation: Clear caches on logout and uninstall:

    function logout() {
      // Clear memory
      currentUser = null;
      sessionCache = {};
      // Clear temporary storage
      chrome.storage.local.remove(['authToken', 'sessionId']);
      // Clear IndexedDB temp tables if needed
      indexedDB.deleteDatabase('tempData');
    }

    chrome.runtime.onInstalled.addListener(({ reason }) => {
      // onInstalled fires on install and update, not on uninstall.
      // Limit the optional wipe to a fresh install so that an extension
      // update does not erase user data.
      if (reason !== 'install') return;
      chrome.storage.local.clear();
    });
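An added example, not part of the original rule or of any project's code: a key inventory that separates session-scoped keys from persistent preferences, as the Remediation section asks, with a logout that reads storage back to confirm no session key survives, as the pass criteria require. The preference keys `theme` and `language`, the `draftNote` key, and the in-memory stand-in for `chrome.storage.local` are assumptions made so the check runs under Node.

```javascript
// Key inventory. authToken, sessionId, cachedProfile and the session_ prefix
// come from the page; the preference keys are hypothetical.
const SESSION_KEYS = new Set(['authToken', 'sessionId', 'cachedProfile']);
const SESSION_PREFIX = 'session_';
const PERSISTENT_KEYS = new Set(['theme', 'language']);

function classify(key) {
  if (SESSION_KEYS.has(key) || key.startsWith(SESSION_PREFIX)) return 'session';
  if (PERSISTENT_KEYS.has(key)) return 'persistent';
  return 'unclassified'; // written by the extension but missing from the inventory
}

// Audit a storage snapshot: session keys present, and keys nobody documented.
function audit(items) {
  const keys = Object.keys(items);
  return {
    session: keys.filter((k) => classify(k) === 'session'),
    unclassified: keys.filter((k) => classify(k) === 'unclassified'),
  };
}

// `storage` needs promise-returning get(null) and remove(keys), as
// chrome.storage.local provides in MV3; `memory` holds the in-memory state.
async function logout(storage, memory) {
  memory.currentUser = null;
  memory.sessionCache = {};
  const cleared = audit(await storage.get(null)).session;
  await storage.remove(cleared);
  // Read back instead of trusting the remove call: this is the pass criterion.
  const after = audit(await storage.get(null));
  return { cleared, leftover: after.session, unclassified: after.unclassified };
}

// In-memory stand-in for chrome.storage.local so the check runs under Node.
function makeFakeStorage(initial) {
  const data = { ...initial };
  return {
    get: async () => ({ ...data }),
    remove: async (keys) => { for (const k of keys) delete data[k]; },
  };
}

// Constructed sample state; draftNote is deliberately absent from the inventory.
const SAMPLE = {
  authToken: 'tok-constructed', sessionId: 's-1', cachedProfile: { name: 'A' },
  session_lastQuery: 'q', theme: 'dark', draftNote: 'x',
};
logout(makeFakeStorage(SAMPLE), {}).then((r) => console.log(r));
```

A non-empty `leftover` is a fail for this rule; a non-empty `unclassified` means the key inventory is incomplete and needs a decision before the audit can pass.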
External references
- gdpr · Art. 5(1)(e) — Storage limitation — data not kept longer than necessary
- gdpr · Art. 17 — Right to erasure ('right to be forgotten')
- cwe · CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer
History
- 2026-04-18·v1.0.0·Initial import from extension-data-privacy·automated