Google has recently addressed a longstanding security vulnerability in its Chrome browser, a flaw that has been around since the browser’s inception. This particular issue could have been exploited to monitor users’ browsing habits, presenting significant privacy concerns alongside security risks.
One feature at the core of the problem involves how visited links change color. Normally, when a user clicks a link, it alters from blue to purple.
While this might seem harmless, it inadvertently opened the door for tracking over a two-decade period. The flaw was not just about privacy; Google labeled it a “core design flaw,” as it facilitated tracking, profiling, and potentially phishing attacks.
The upcoming Chrome update will introduce triple-key partitioning, fundamentally changing how visited links are tracked. Instead of keeping a global record of visited links, the browser will consider three specific factors: the link’s actual URL, the top-level site (shown in the address bar), and the frame origin of the link.
As a result, a link will only appear as visited if the user has clicked it on the same site and in the same frame, effectively eliminating cross-site tracking. This change will be implemented in Chrome version 136, set to launch in late April.
Google has also addressed other high-severity issues that could lead to unauthorized access to sensitive data. In a detailed blog post, Google explained how the visited link problem could allow malicious sites to detect whether users had previously clicked on links, thus revealing their browsing history.
With this overhaul, Chrome aims to bolster user privacy and security significantly, putting an end to a 20-year-old vulnerability.