Google Chrome has received a significant security update as the tech giant addresses a major security vulnerability in the browser. Specifically, the Chrome flaw exposed users’ browsing history to websites, including any malicious websites set up by threat actors.
Google Chrome Flaw Exposed Browsing History
Reportedly, a subtle security issue affected the Chrome browser for several years, potentially risking users’ privacy. The flaw existed in Google Chrome for over 20 years, exposing users’ browsing history.
Explaining the matter in a post, Google engineer Kyra Seevers described how the tech giant addressed this old issue with Chrome 136.
Specifically, it’s common to see the color of previously visited links change from blue to purple. This UI change is achieved using the CSS :visited selector. Once a user visits a link, it appears purple across all other websites displaying that link, so the visited status of that link is shared with every site that shows it.
While it seems a harmless design feature for users’ convenience, this customizability also makes it easy for threat actors to track users’ browsing history and activity. An attacker could log a victim user’s browsing activities by tricking the user into visiting a maliciously crafted website that includes other links. Any previously visited websites would appear purple there, even if the user didn’t click those links when visiting the malicious site.
Google Deployed Link Partitioning As A Fix
This exposure of visited-link history was possible because visited status was not segregated by the website on which a link was visited. To address this vulnerability, Google has implemented :visited link partitioning with the latest Chrome release. This partitioning prevents :visited styling on visited URLs across unrelated websites. Instead, the styling only appears on the site from which the user clicked that specific link.
The visited status will, however, remain visible to the website from which the user visited the link in the past. Nonetheless, it will not be exposed to websites from which the user did not visit that link, even if those websites include the same link.
Summarizing this phenomenon in the post, Seevers stated,
Partitioning refers to storing your links with additional information about where they were clicked. In Chrome, this is: link URL, top-level site, and frame origin. With partitioning enabled, your :visited history is no longer a global list that any site can query. Instead, your :visited history is “partitioned” or separated by the context where you visited that link from in the first place.
Besides, the sub-pages of a website (self-links) will also remain visible as :visited to that website, even if the user didn’t click on them in that specific context.
A site can display its own subpages as :visited, even if these links were not clicked in this context before. Because sites have other methods of tracking whether a user has visited its subpages, no new information is given to these sites with the introduction of self-links.
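The lookup rules described above can be modeled in a few lines. This is an added example, not Chrome's code or code from Google's post: the VisitedLinks class, the siteOf helper and the placeholder domains are assumptions made for illustration, and the site computation is a naive stand-in for the Public Suffix List.

```javascript
// Simplified model of :visited lookups (added example, not Chrome's code).
// Assumption: "site" = scheme + last two host labels; real browsers use the
// Public Suffix List to compute it.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

class VisitedLinks {
  constructor() {
    this.globalList = new Set();  // old behaviour: one list for every site
    this.partitioned = new Set(); // Chrome 136: triple-keyed entries
  }
  static key(link, topLevelSite, frameOrigin) {
    return JSON.stringify([link, topLevelSite, frameOrigin]);
  }
  // The user clicked `link` in a frame at `frameUrl` on the page `topUrl`.
  recordClick(link, topUrl, frameUrl = topUrl) {
    this.globalList.add(link);
    this.partitioned.add(
      VisitedLinks.key(link, siteOf(topUrl), new URL(frameUrl).origin));
  }
  // Unpartitioned lookup: any page displaying the link learns it was visited.
  styledVisitedGlobal(link) {
    return this.globalList.has(link);
  }
  // Partitioned lookup, including the self-link exception.
  styledVisitedPartitioned(link, topUrl, frameUrl = topUrl) {
    const topSite = siteOf(topUrl);
    const frameOrigin = new URL(frameUrl).origin;
    if (this.partitioned.has(VisitedLinks.key(link, topSite, frameOrigin))) return true;
    // Self-link: a site's own page, shown on that same site, visited anywhere.
    const self = siteOf(link) === topSite && siteOf(link) === siteOf(frameUrl);
    return self && this.globalList.has(link);
  }
}

// Constructed scenario with placeholder domains.
function demo() {
  const db = new VisitedLinks();
  const story = "https://news.example/story";
  db.recordClick(story, "https://search.example/results");
  return {
    oldLeak: db.styledVisitedGlobal(story),
    sameContext: db.styledVisitedPartitioned(story, "https://search.example/results"),
    otherSite: db.styledVisitedPartitioned(story, "https://tracker.example/"),
    selfLink: db.styledVisitedPartitioned(story, "https://news.example/"),
  };
}
```

In the constructed scenario, only the unpartitioned lookup lets the unrelated tracker.example page see the visit; the partitioned lookup styles the link only on search.example, where it was clicked, and on news.example itself as a self-link.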
Users can experience this change starting with Google Chrome 136. For curious users, Google also allows enabling this feature via chrome://flags by typing “#partition-visited-link-database-with-self-links” in the search bar.