This isn't surprising if you've been following Chrome. By some metrics it's the most used browser now, and they dropped support for NPAPI plugins (like Java) due to security concerns. Oracle's official reply to this has been "use Firefox" which in my opinion was incredibly short sighted, unless they feel Java just won't work using PPAPI. Who on earth is going to use a plugin in their website that doesn't support one of the biggest browsers? That person would have to build a fallback for Chrome, and at that point they might as well just ditch Java and use the fallback for all browsers if it's good enough.
All modern OSs will initialize the memory because there is a clear security issue with allowing one application access to the old contents of a random block of memory. It could contain passwords or who knows what else.
On the other hand, GPU memory is primarily used for rendering graphics. The security implications are less severe if information leaks. Has there ever been any guarantee information won't leak? So why do users assume that it won't? It is likely NOT cleared for speed reasons. Everyone wants a fast GPU cheap. Well, that's one way to get speed boost on allocation operations I'm sure.
It really should be Chrome's responsibility to zero out their GPU memory when they're done with it, to prevent information leakage. That's what incognito mode does with regards to history, cache, and cookies, so why not GPU memory?
Yeah. Your GPU was not designed with security of the information stored in it in mind. It was designed to play video games and a few other things, and it's not a big deal if a few of your game textures leak, if it means the GPU can be slightly faster at managing its memory. The responsibility should be Chrome's to clear out its GPU memory in incognito mode after it's done using it.
Life would be so much easier if we could just look at the source code. -- Dave Olson