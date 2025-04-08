Ancient flaw that allowed hackers to view browsing history patched by Chrome

News
By published

Chrome is finally fixing the clicked links color issue

Google Chrome on macOS
New features are coming to Google Chrome (Image credit: Shutterstock - slyellow)
  • A UX feature that helps users determine which links they visited in the past can be abused
  • Over the years, there were multiple attempts to fix it
  • Google claims the next version of Chrome finally addresses it

Google is finally fixing a vulnerability in Chrome that’s been present since its very inception, and that could be used to spy on people’s browsing habits.

In a blog post published early April, Google’s Kyra Seevers explained that when a person clicks on a link displayed in a web page, it turns from blue to purple. The idea behind this design was to improve the user experience and help people navigate the web easier. This change of state is handled by CSS.

However, malicious actors found different ways to abuse this UX feature to spy on people’s browsing habits. For example, a malicious website could include thousands of links to popular websites, but style them in a way that the visitors don’t actually see them. The site then uses JavaScript or CSS to check which of those links should appear purple, effectively learning which sites the victim already visited.

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Chrome 136 to the rescue

Apparently, the problem is not limited to Chrome but instead is present on most browsers these days. In fact, the problem predates the Chrome browser, which was first introduced in 2008.

“These attacks can reveal which links a user has visited and leak details about their web browsing activity,” Seevers explained. “This security problem has plagued the web for over 20 years, and browsers have deployed various stop-gaps to mitigate these history detection attacks. While the attacks are slowed down by these mitigations, they are not eliminated.”

However, the next version of the browser, Chrome 136, is supposed to “render these attacks obsolete.” This is accomplished by partitioning :visited link history, Seevers further stated.

We won’t bore you with the technicalities of the solution, but if you’re interested in reading them, make sure to check out Seevers’ blog here.

Chrome 136 is scheduled for release in late April 2025.

Via The Register

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps

WhatsApp vulnerability that allowed hackers to share .exe files as images patched
Android reboot interface

Actively exploited vulnerabilities patched on Android in latest security update
Nintendo Switch eShop

Nintendo confirms the Switch 2 eShop won't have any music, but there's a good reason why
See more latest
Most Popular
Nintendo Switch eShop
Nintendo confirms the Switch 2 eShop won't have any music, but there's a good reason why
A close up of the Nintendo Switch 2 console on a stand
Firaxis Games is 'extremely happy' with the Nintendo Switch 2 hardware, says Nintendo thought Sid Meier's Civilization 7 was 'a great showcase' for the console's mouse mode
Audio-Technica AT-LP60XBT-GD on a wooden table, with a stack on vinyl beside it
Audio-Technica’s limited-edition $199 gold turntable is the reason I’ll be waiting in line at 8am on Record Store Day
Hulu app on an iPhone
Hulu's back after being down for many – here's everything we know
An iPhone beside a laptop.
Court confirms Apple is suing UK government over encryption backdoor request
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
WhatsApp vulnerability that allowed hackers to share .exe files as images patched
GitHub Copilot
GitHub Copilot launches new AI tools, but also limits on its premium models
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Wednesday, April 9 (game #668)
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, April 9 (game #1171)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, April 9 (game #402)