Google Chrome 136 Getting Update with 20-Year-Old Visited Links Privacy Bug Fix

Google Chrome’s version 136, released in April 2025, introduces :visited link partitioning, a revolutionary feature that fixes a privacy flaw that has plagued the web for over two decades.
As the first major browser to implement this robust defense, Chrome ensures users’ browsing histories remain shielded from prying eyes, marking a significant leap forward in online security.
Eliminating History Detection Exploits
Since the internet’s early days, the CSS :visited selector has enabled websites to style clicked links, often turning them purple, to enhance navigation.
This feature, while user-friendly, created a vulnerability: malicious sites could detect :visited styling to infer which sites a user had visited.
For example, if a user clicked a link to Site B from Site A, a rogue Site Evil could later display that same link and exploit its :visited status to confirm the user’s visit to Site B.

Previous browser mitigations, such as limiting styling options, slowed these history detection attacks but failed to eradicate them.
Chrome’s :visited link partitioning addresses this flaw head-on by storing link history with contextual details—specifically, the link URL, top-level site, and frame origin.
Now, a link only appears as :visited on the site where it was clicked, preventing cross-site leaks. In the same scenario, Site Evil’s link to Site B would remain unstyled unless the user clicked it there, rendering exploits futile.
This partitioning transforms :visited history from a global, vulnerable list into a secure, context-specific record, safeguarding users’ privacy with unprecedented precision.
“This is a defining moment for browser security,” Google said. “With :visited link partitioning, Chrome eliminates a long-standing privacy risk while preserving the seamless experience users expect. We’re committed to building a safer web for everyone.”
Enhancing Usability Without Compromising Security
Recognizing the importance of intuitive navigation, Chrome introduces a “self-links” carveout to balance privacy with usability.
This feature allows a website to style links to its own subpages as :visited, even if they were clicked from a different context. For instance, while browsing Site.Wiki’s page on gold, links to its chrome and brass pages will appear visited if the user accessed them previously, regardless of the referring site.
Since websites can already track their own subpages, this exception reveals no new information, preserving the privacy protections of partitioning.
Crucially, the carveout excludes third-party links and iframes, ensuring no loopholes for cross-site tracking. This thoughtful design maintains the familiar ease of navigating within a site while upholding stringent security standards.
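The partitioning and self-links rules described above, modelled as an added JavaScript example (not Chromium's code and not from the original article). The class, its method names and the `.example` hosts are hypothetical, and a "site" is approximated here by the URL origin.

```javascript
// Simplified model of partitioned :visited lookups (illustrative, not Chromium code).
// Assumption: "site" is approximated by the URL origin.
const siteOf = (url) => new URL(url).origin;

class PartitionedVisitedStore {
  constructor() {
    this.partitioned = new Set();     // entries keyed by (link URL, top-level site, frame origin)
    this.visitedAnywhere = new Set(); // consulted only for the self-links carveout
  }
  static key(linkUrl, topLevelSite, frameOrigin) {
    return JSON.stringify([linkUrl, topLevelSite, frameOrigin]);
  }
  // A click is recorded under the context in which it happened.
  recordClick(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    const k = PartitionedVisitedStore.key(linkUrl, siteOf(topLevelUrl), siteOf(frameUrl));
    this.partitioned.add(k);
    this.visitedAnywhere.add(linkUrl);
  }
  // Would a link rendered in this context match :visited?
  isStyledVisited(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    const top = siteOf(topLevelUrl);
    const frame = siteOf(frameUrl);
    if (this.partitioned.has(PartitionedVisitedStore.key(linkUrl, top, frame))) return true;
    // Self-links carveout: a first-party link shown in a first-party frame only.
    const selfLink = siteOf(linkUrl) === top && frame === top;
    return selfLink && this.visitedAnywhere.has(linkUrl);
  }
}

// Constructed scenario mirroring the article's Site A / Site B / Site Evil / wiki cases.
function demo() {
  const store = new PartitionedVisitedStore();
  const siteB = "https://site-b.example/";
  const brass = "https://site-wiki.example/brass";
  store.recordClick(siteB, "https://site-a.example/");  // clicked on Site A
  store.recordClick(brass, "https://search.example/");  // reached from another site
  return {
    onSiteA: store.isStyledVisited(siteB, "https://site-a.example/other"),
    onSiteEvil: store.isStyledVisited(siteB, "https://site-evil.example/"),
    wikiSelfLink: store.isStyledVisited(brass, "https://site-wiki.example/gold"),
    wikiFramedByEvil: store.isStyledVisited(brass, "https://site-evil.example/",
                                            "https://site-wiki.example/embed"),
    thirdPartyFrameOnWiki: store.isStyledVisited(brass, "https://site-wiki.example/gold",
                                                 "https://ads.example/frame"),
  };
}
console.log(demo());
```

Only the first and third lookups report the link as visited; the Site Evil page, the wiki page framed by Site Evil, and the third-party iframe on the wiki all see it as unvisited.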
The fix is now available in the Chrome Beta channel and is set to roll out in the stable release of Chrome 136 on April 23, 2025. Users are encouraged to provide feedback or report any issues through the Chromium bug tracker.
By redefining how browsing history is handled, Chrome not only preserves the utility of visited link styling but also delivers a safer, more private web experience for all.
The post Google Chrome 136 Getting Update with 20-Year-Old Visited Links Privacy Bug Fix appeared first on Cyber Security News.