Abstract: Browser plug-ins and extensions increase the complexity of private browsing, and can destroy completely the security of the browser privacy mode. Based on the browser security model mechanism the paper analyzes the validity and sustainability of the public and privacy mode data state sets, public and privacy mode conversion process data continuity, also analyzes CPH and SSL client key violation of the browser privacy mode. Finally, an improved private browsing mode strategy is proposed to prevent unintentional leakage of user privacy extended event information to the intruder, and to keep the security of browser extensions and plug-ins.