
A long-standing flaw in Google Chrome, first highlighted in 2002, has finally been resolved. Surprisingly, the vulnerability had remained in place for over 23 years, potentially exposing users’ browsing history to malicious websites. The issue, tied to how visited links were displayed across sites, existed in multiple browsers but is now being addressed with Chrome’s latest update.
If you’ve ever noticed that links turn purple after being clicked, you’re not alone. However, this simple feature was tied to a serious design flaw. According to Google’s recent blog post, visited link data was stored in a way that wasn’t isolated per site. This meant that if you clicked a link on one website, it would appear as “visited” on another unrelated site displaying the same URL.
This flaw made it possible for malicious websites to determine your browsing history. For example, if you visited Site B through Site A, then later landed on a malicious “Site Evil,” the latter could detect that Site B had already been visited. This loophole opened the door to subtle yet effective privacy breaches.
How the Exploit Worked and Why It Lasted
The core of the issue was what Google described as “unpartitioned state”: visited-link data was kept in a way that made it accessible across sites, with no isolation between them. Although simple in concept, the implications were significant. In fact, security researcher Andrew Clover demonstrated a working exploit back in 2002. He referenced earlier research by Princeton University, which had already pointed out how timing attacks could reveal private browsing data.
Although the flaw affected Chrome most recently, it wasn’t exclusive to Google’s browser. Research from 2009 showed similar vulnerabilities in Safari, Firefox, Internet Explorer, and Opera. Clearly, this was a widespread problem with deep historical roots.
A Long-Awaited Fix Arrives
Fortunately, Google has now fixed the flaw in Chrome version 136. The new approach ensures that data about visited links is stored separately for each site. As a result, one site can no longer detect your activity on another. The update is currently available on the Chrome Beta channel and will be rolled out more broadly soon.
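The difference between the old shared store and per-site storage can be modelled in a few lines. This is an added example, not Chrome's code: the class names, helper names and URLs are constructed, and "site" is approximated as scheme plus hostname.

```javascript
// Simplified model of visited-link storage before and after partitioning.
// Class names, helpers and URLs are constructed for this illustration.

// Assumption: "site" is approximated as scheme + hostname. Browsers use
// scheme + registrable domain, which needs the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}`;
}

// Before: one global set of visited URLs, shared by every page.
class UnpartitionedHistory {
  constructor() { this.visited = new Set(); }
  recordClick(_pageUrl, linkUrl) { this.visited.add(new URL(linkUrl).href); }
  isStyledVisited(_pageUrl, linkUrl) { return this.visited.has(new URL(linkUrl).href); }
}

// After: each entry is keyed by the site the click happened on plus the
// link URL, so a lookup from a different site never matches.
class PartitionedHistory {
  constructor() { this.visited = new Set(); }
  key(pageUrl, linkUrl) {
    return JSON.stringify([siteOf(pageUrl), new URL(linkUrl).href]);
  }
  recordClick(pageUrl, linkUrl) { this.visited.add(this.key(pageUrl, linkUrl)); }
  isStyledVisited(pageUrl, linkUrl) { return this.visited.has(this.key(pageUrl, linkUrl)); }
}

// The article's scenario: Site B is clicked from Site A, then an unrelated
// "Site Evil" displays a link to the same Site B URL.
function scenario(store) {
  const siteA = 'https://site-a.example/news';
  const siteB = 'https://site-b.example/account';
  const siteEvil = 'https://site-evil.example/';
  store.recordClick(siteA, siteB);
  return {
    onSiteA: store.isStyledVisited(siteA, siteB),       // where the click happened
    onSiteEvil: store.isStyledVisited(siteEvil, siteB), // unrelated site
  };
}

console.log('unpartitioned:', scenario(new UnpartitionedHistory()));
console.log('partitioned:  ', scenario(new PartitionedHistory()));
```

With the shared store the link renders as visited on both sites; with the partitioned store it renders as visited only on the site where it was clicked.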
This fix marks a major step toward better browser privacy. While it may have taken over two decades to implement, the change reflects Google’s increasing focus on protecting users from subtle but serious online threats.