Google Fixes 23-Yr-Previous Chrome Flaw That Might Leak Your Browser Historical past

In the event you’ve spent a good period of time on the internet, you’ve in all probability seen that blue hyperlinks flip purple after you click on on them. However you in all probability did not understand that this small element facilitated a two-decades-old safety flaw that might have revealed delicate particulars about your searching historical past, and which Google has solely simply patched. 

Explaining the flaw in a current weblog, Google mentioned the browser cookies indicating whether or not or not you click on on a hyperlink had been what it known as “unpartitioned.” This meant that in the event you clicked a hyperlink, it will present as visited on each web site displaying that hyperlink, even when it was utterly unrelated.

Google known as this a “core design flaw,” because it probably leaked details about customers’ on-line exercise. “You’re searching on Website A and click on a hyperlink to go to Website B,” defined Google. “On this situation, Website B can be added to your visited historical past. Later, you may go to Website Evil, which creates a hyperlink to Website B as properly.”

Google highlighted that “Website Evil” might then use this safety exploit to be taught whether or not the hyperlink was styled as visited, discovering out that you have visited Website B previously—leaking details about your searching historical past within the course of.

The search big has now corrected the flaw within the newest Chrome replace and can retailer information on what hyperlinks you click on individually, with out sharing the information throughout completely different web sites. The replace is ready to roll out within the Chrome 136 replace and is already out there through the Chrome Beta channel.

The flaw is older than many Google staff. Safety researcher Andrew Clover posted a proof-of-concept assault primarily based on the flaw in 2002, citing a paper by Princeton researchers known as “Timing Assaults on Internet Privateness.”

It isn’t simply Google Chrome that was impacted by the issue. A 2009 analysis paper demonstrated how the bug triggered potential safety points in Apple’s Safari, Opera, Web Explorer, and Mozilla Firefox, The Register studies.

About Will McCurdy

Contributor

I’m a reporter masking weekend information. Earlier than becoming a member of PCMag in 2024, I picked up bylines in BBC Information, The Guardian, The Instances of London, The Day by day Beast, Vice, Slate, Quick Firm, The Night Commonplace, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer because you needed to set up video games from a number of CD-ROMs by hand. As a reporter, I’m passionate in regards to the intersection of tech and human lives. I’ve coated all the things from crypto scandals to the artwork world, in addition to conspiracy theories, UK politics, and Russia and overseas affairs.

Learn Will’s full bio

Learn the most recent from Will McCurdy