Google Patches 23-Year-Old Chrome Security Flaw That Could Expose Browsing History
Google has recently resolved a longstanding security vulnerability in its Chrome browser, which had the potential to reveal sensitive details about users’ browsing history. The flaw, present for over two decades, allowed websites to track links users had clicked in the past, jeopardizing privacy.
A 23-Year-Old Bug Exposed Browsing Activity
The issue arose from how Chrome handled cookies associated with visited links. These cookies were “unpartitioned,” meaning if a user clicked on a link on one site, it would register as visited on any other site displaying that same link, even if unrelated. This design flaw allowed websites—especially malicious ones—to detect previously visited links based on their “visited” styling, leaking browsing history.
For instance, if a user browsed Site A, clicked a link to Site B, and later visited “Site Evil,” the latter could infer that the user had visited Site B by checking whether the link was styled as visited.
Update Corrects the Flaw in the Latest Chrome Release
Google has patched the issue in the Chrome 136 update. The fix ensures that data on clicked links is now stored separately, preventing cross-website sharing of that information. The update is already available to Chrome Beta users and will soon be rolled out to the entire user base.
This flaw, which has been a privacy concern for years, was first uncovered by security researcher Andrew Clover in 2002. It was later shown to affect other browsers, including Safari, Opera, Internet Explorer, and Mozilla Firefox, in a 2009 research paper.
Users are advised to update their browsers to the latest version of Chrome to ensure enhanced privacy and security.
