Google fixes a 20-year-old bug in Chrome that let browsing history «leak»


Almost every platform or service has its own security vulnerabilities — and Chrome is no exception. Google has recently fixed several serious issues that could have given attackers access to sensitive data in the browser, and now it is fixing another important bug.

Google has patched a critical vulnerability in Chrome — one that has actually existed since day one and allowed third parties to learn what sites you’ve visited.

The problem lay in a seemingly simple feature: when you click on a link, it changes color from blue to purple (or another color, depending on the site’s settings). But it was this visual detail that became the basis for a years-long privacy hole that could «quietly» give away part of your browsing history.

Google explained how this worked: sites could style links with the :visited selector and change their appearance if you had already followed them, regardless of where you did so. This way, other sites could run scripts that checked which links had already turned purple — and effectively snooped on where you'd been on the web.

It’s not just about privacy. Google called it a «deep architecture flaw» that created serious risks — from surveillance and profiling to phishing. The fix was delayed, but we finally got it.

How the vulnerability worked

You are browsing site A and click a link to site B. Site B is then saved in the :visited history. Later, you visit the Evil website, which also has a link to site B. With no restrictions in place, your browser shows this link as already visited (:visited), even though you never clicked it on the Evil website. Evil can then check whether the link is rendered as :visited, which tells it that you have previously visited site B. This is how information from the browsing history leaked.

The next Chrome update will introduce a triple-key partitioning mechanism. This means that the browser will no longer track visited links globally. Chrome will now take three factors into account to determine whether a link has been visited:

  • the link URL itself;
  • top-level website (the one in the address bar);
  • the origin of the frame where the link appears.

In other words, a link will now be considered visited only if you have clicked on it before on the same site and in the same frame. No more tricky tracking through other sites.
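The site A / site B / Evil scenario above can be replayed against both designs. The following is an added illustration, not Chrome's code: the class names and `.test` hosts are hypothetical, and the top-level site is approximated by the top-level page's origin.

```javascript
// Added illustration: toy model of a browser's visited-link table.
// Class names and the *.test hosts are hypothetical, constructed for this example.
// Simplification: "top-level site" is approximated by the top-level page's origin.
const origin = (url) => new URL(url).origin;

class GlobalVisitedStore {            // one table shared by every site
  constructor() { this.seen = new Set(); }
  key(linkUrl) { return new URL(linkUrl).href; }
  record(linkUrl, ctx) { this.seen.add(this.key(linkUrl, ctx)); }
  isVisited(linkUrl, ctx) { return this.seen.has(this.key(linkUrl, ctx)); }
}

class PartitionedVisitedStore extends GlobalVisitedStore {
  // Triple key: link URL + top-level site + origin of the frame showing the link.
  key(linkUrl, ctx) {
    return JSON.stringify([new URL(linkUrl).href, origin(ctx.topLevel), origin(ctx.frame)]);
  }
}

function runScenario(store) {
  const A = 'https://site-a.test/news';
  const EVIL = 'https://evil.test/';
  const B = 'https://site-b.test/account';
  // The user clicks the link to B while reading site A (A is top-level page and frame).
  store.record(B, { topLevel: A, frame: A });
  return {
    sameSiteSameFrame: store.isVisited(B, { topLevel: A, frame: A }),
    otherSite: store.isVisited(B, { topLevel: EVIL, frame: EVIL }),
    siteAFramedByOther: store.isVisited(B, { topLevel: EVIL, frame: A }),
    otherFramedBySiteA: store.isVisited(B, { topLevel: A, frame: EVIL }),
  };
}

const results = {
  global: runScenario(new GlobalVisitedStore()),
  partitioned: runScenario(new PartitionedVisitedStore()),
};
console.log(results);
```

With the global table every query reports the link as visited; with the triple key only the query from the same top-level site and the same frame origin does.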

So, with the release of Chrome 136, which is scheduled for the end of April, Google will finally put an end to the 20-year-old privacy problem by completely changing the way it displays visited links.

Recently Chrome added tools to control «gluttonous tabs» and improve browser performance.

Source: phonearena


