CyberSecurityBoard
Sponsor Register Login

Chrome 136 fixes 20-year browser history privacy risk

Instead of storing link visits globally, Chrome now partitions each visited link using three keys, namely link URL (link target), top-level site (address bar domain), and frame origin (origin of the frame where the link is rendered). This ensures that a link will only appear as :visited on the same site and in the same frame origin where the user previously clicked it, eliminating cross-site history leaks. The system displays this color change regardless of which site they were on when they clicked the link, allowing other sites to potentially use creative scripts that leak the user's browsing history. To preserve usability, Google added a "self-links" exception, so visited links of a site will still be marked as visited on that site even if the user clicked them from a different site. ​Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. The upcoming release of Google Chrome, version number 136, will finally address the 20-year problem by implementing a triple-key partitioning of "visited" links. A website already knows which pages the user has visited, so this exception does not introduce an unwanted history leak. Safari also applies restrictions and uses aggressive privacy protections like Intelligent Tracking Prevention, somewhat mitigating the leaks, but there's no partitioning to block all attacks. Researchers demonstrated multiple classes of attacks in the past linked to this privacy gap, including timing, pixel, user interaction, and process-level attacks. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The new :visited isolation was introduced as an experimental feature on Chrome version 132 and is expected to be turned on by default on Chrome 136 (upcoming).

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 13 Apr 2025 21:14:04 +0000


Cyber News related to Chrome 136 fixes 20-year browser history privacy risk

CVE-2025-21884 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
Privacy Education for Students: A Vital Curriculum Component - Recognizing privacy as a fundamental right, educators are increasingly acknowledging the importance of integrating privacy education into the curriculum. This article explores the significance of privacy education for students and its role as a vital ...
1 year ago Securityzap.com
Privacy Isn't Dead. Far From It. - EFF is one of dozens, if not hundreds, of organizations that work to protect privacy. Millions of people read EFF's website each year, and tens of millions use the tools we've made, like Privacy Badger. Privacy is one of EFF's biggest concerns, and ...
1 year ago Eff.org
Holistic Approach To Privacy and Security in Tech - In this article, I would like to explain how I tackle privacy and security issues that are specific for large scale web and mobile applications and Big Tech. First, let's outline some of the biggest challenges Big Tech companies deal with in terms of ...
1 year ago Feeds.dzone.com
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
1 year ago Cysecurity.news
Building a Privacy-Centric Organization with FireMon - As organizations increasingly rely on technology to streamline operations and connect with customers, the need for robust privacy measures has become more critical than ever. Here at FireMon, we play a pivotal role in building a privacy-centric ...
1 year ago Securityboulevard.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
1 year ago Techtarget.com
Chrome 136 fixes 20-year browser history privacy risk - Instead of storing link visits globally, Chrome now partitions each visited link using three keys, namely link URL (link target), top-level site (address bar domain), and frame origin (origin of the frame where the link is rendered). This ensures ...
2 days ago Bleepingcomputer.com
Enhancing Home Privacy with Technology: Your Digital Shield - In an ever-evolving world, technology has become increasingly integral to home privacy. Smart lock systems, video doorbells, motion sensors, security cameras, and automated privacy settings are some of the popular home privacy tech options available. ...
1 year ago Securityzap.com Meow
Protecting Student Privacy Online - In the rapidly evolving world of online education, the protection of student privacy has emerged as a critical concern. This article delves into the privacy risks associated with online education and highlights the significance of complying with ...
1 year ago Securityzap.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
1 year ago Cyberdefensemagazine.com
Business Data Privacy Laws: Compliance and Beyond - Governments worldwide have implemented strict data privacy laws to protect individuals' information in the face of increasing cyber threats and data breaches. Let's dive into the world of business data privacy laws as we navigate the complexities of ...
1 year ago Securityzap.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
1 year ago Darkreading.com
How to Build a Cyber Risk Tolerance Statement for Your Organization as a CISO - Creating an effective cyber risk appetite statement requires a structured approach that begins with a thorough understanding of your organization’s risk profile, business model, and strategic objectives. A well-defined cyber risk appetite ...
16 hours ago Cybersecuritynews.com
My Yearly Look Back, a Look Forward and a Warning - 2023 saw cybersecurity and privacy law arrive at a crossroads, especially with regard to the regulatory landscape. This is the time of year when it is traditional to look back at the past year and extrapolate forward to make predictions for the year ...
1 year ago Securityboulevard.com
Year In Review: Google's Corporate Paternalism in The Browser - It's a big year for the oozing creep of corporate paternalism and ad-tracking technology online. Google and its subsidiary companies have tightened their grips on the throat of internet innovation, all while employing the now familiar tactic of ...
1 year ago Eff.org
Privacy Badger Puts You in Control of Widgets - The latest version of Privacy Badger replaces embedded tweets with click-to-activate placeholders. This is part of Privacy Badger's widget replacement feature, where certain potentially useful widgets are blocked and then replaced with placeholders. ...
1 year ago Eff.org
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
1 year ago Securityboulevard.com
Thought GDPR Compliance Was Hard? Buckle Up - COMMENTARY. Five years since the European Union's General Data Protection Regulation took effect, its fingerprints are everywhere: from proliferating privacy laws worldwide to the now-ubiquitous consent banners seen across websites of every kind. For ...
1 year ago Darkreading.com Patchwork
What CISOs Need to Know About Data Privacy in 2024 - While consumers continue to demand stronger personal data protections, companies are scrambling to keep track of an ever-evolving patchwork of applicable laws and regulations. In this environment, cybersecurity professionals need to understand the ...
1 year ago Cybersecurity-insiders.com Patchwork
Transcend enhances its privacy platform to address current and future compliance challenges - Transcend announced an expansion of its product suite-going even further to help the world's best brands manage complex privacy compliance challenges. Powering privacy for Fortune 100 companies, the global 2000s, and high-growth start-ups, Transcend ...
1 year ago Helpnetsecurity.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
1 year ago Helpnetsecurity.com
Google Chrome 136 Getting 20-Year-Old Visited Links Privacy Bug Fix - Chrome’s :visited link partitioning addresses this flaw head-on by storing link history with contextual details—specifically, the link URL, top-level site, and frame origin. Google Chrome’s version 136, released in April 2025, introduces ...
1 day ago Cybersecuritynews.com
Telus Makes History with ISO Privacy Certification in AI Era - Telus, a prominent telecoms provider, has accomplished a significant milestone by obtaining the prestigious ISO Privacy by Design certification. This certification represents a critical turning point in the business's dedication to prioritizing ...
1 year ago Cysecurity.news
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
2 years ago Trendmicro.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)