CyberSecurityBoard
Sponsor Register Login

Google Chrome 136 Getting 20-Year-Old Visited Links Privacy Bug Fix

Chrome’s :visited link partitioning addresses this flaw head-on by storing link history with contextual details—specifically, the link URL, top-level site, and frame origin. Google Chrome’s version 136, released in April 2025, introduces :visited link partitioning, a revolutionary feature that fix a privacy flaw plaguing the web for over two decades. For example, if a user clicked a link to Site B from Site A, a rogue Site Evil could later display that same link and exploit its :visited status to confirm the user’s visit to Site B. “With :visited link partitioning, Chrome eliminates a long-standing privacy risk while preserving the seamless experience users expect. For instance, while browsing Site.Wiki’s page on gold, links to its chrome and brass pages will appear visited if the user accessed them previously, regardless of the referring site. Now, a link only appears as :visited on the site where it was clicked, preventing cross-site leaks. By redefining how browsing history is handled, Chrome not only preserves the utility of visited link styling but also delivers a safer, more private web experience for all. As the first major browser to implement this robust defense, Chrome ensures users’ browsing histories remain shielded from prying eyes, marking a significant leap forward in online security. In the same scenario, Site Evil’s link to Site B would remain unstyled unless the user clicked it there, rendering exploits futile. This partitioning transforms :visited history from a global, vulnerable list into a secure, context-specific record, safeguarding users’ privacy with unprecedented precision. Since the internet’s early days, the CSS :visited selector has enabled websites to style clicked links often turning them purple to enhance navigation. This feature, while user-friendly, created a vulnerability, malicious sites could detect :visited styling to infer which sites a user had visited. This feature allows a website to style links to its own subpages as :visited, even if they were clicked from a different context. This thoughtful design maintains the familiar ease of navigating within a site while upholding stringent security standards.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 14 Apr 2025 06:10:13 +0000


Cyber News related to Google Chrome 136 Getting 20-Year-Old Visited Links Privacy Bug Fix

CVE-2025-21884 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
Google Chrome 136 Getting 20-Year-Old Visited Links Privacy Bug Fix - Chrome’s :visited link partitioning addresses this flaw head-on by storing link history with contextual details—specifically, the link URL, top-level site, and frame origin. Google Chrome’s version 136, released in April 2025, introduces ...
1 day ago Cybersecuritynews.com
Chrome 136 fixes 20-year browser history privacy risk - Instead of storing link visits globally, Chrome now partitions each visited link using three keys, namely link URL (link target), top-level site (address bar domain), and frame origin (origin of the frame where the link is rendered). This ensures ...
2 days ago Bleepingcomputer.com
Privacy Education for Students: A Vital Curriculum Component - Recognizing privacy as a fundamental right, educators are increasingly acknowledging the importance of integrating privacy education into the curriculum. This article explores the significance of privacy education for students and its role as a vital ...
1 year ago Securityzap.com
Google to Patch 23-years Old Chrome Vulnerability That Leaks Browsing History - However, this traditional implementation allowed any website to detect whether a visitor had previously accessed specific URLs by checking if the browser rendered those links as “visited,” effectively leaking browsing history across ...
1 week ago Cybersecuritynews.com
Privacy Isn't Dead. Far From It. - EFF is one of dozens, if not hundreds, of organizations that work to protect privacy. Millions of people read EFF's website each year, and tens of millions use the tools we've made, like Privacy Badger. Privacy is one of EFF's biggest concerns, and ...
1 year ago Eff.org
Holistic Approach To Privacy and Security in Tech - In this article, I would like to explain how I tackle privacy and security issues that are specific for large scale web and mobile applications and Big Tech. First, let's outline some of the biggest challenges Big Tech companies deal with in terms of ...
1 year ago Feeds.dzone.com
Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
1 year ago Bleepingcomputer.com
Building a Privacy-Centric Organization with FireMon - As organizations increasingly rely on technology to streamline operations and connect with customers, the need for robust privacy measures has become more critical than ever. Here at FireMon, we play a pivotal role in building a privacy-centric ...
1 year ago Securityboulevard.com
Enhancing Home Privacy with Technology: Your Digital Shield - In an ever-evolving world, technology has become increasingly integral to home privacy. Smart lock systems, video doorbells, motion sensors, security cameras, and automated privacy settings are some of the popular home privacy tech options available. ...
1 year ago Securityzap.com Meow
Protecting Student Privacy Online - In the rapidly evolving world of online education, the protection of student privacy has emerged as a critical concern. This article delves into the privacy risks associated with online education and highlights the significance of complying with ...
1 year ago Securityzap.com
What CISOs Need to Know About Data Privacy in 2024 - While consumers continue to demand stronger personal data protections, companies are scrambling to keep track of an ever-evolving patchwork of applicable laws and regulations. In this environment, cybersecurity professionals need to understand the ...
1 year ago Cybersecurity-insiders.com Patchwork
My Yearly Look Back, a Look Forward and a Warning - 2023 saw cybersecurity and privacy law arrive at a crossroads, especially with regard to the regulatory landscape. This is the time of year when it is traditional to look back at the past year and extrapolate forward to make predictions for the year ...
1 year ago Securityboulevard.com
Business Data Privacy Laws: Compliance and Beyond - Governments worldwide have implemented strict data privacy laws to protect individuals' information in the face of increasing cyber threats and data breaches. Let's dive into the world of business data privacy laws as we navigate the complexities of ...
1 year ago Securityzap.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
1 year ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Thought GDPR Compliance Was Hard? Buckle Up - COMMENTARY. Five years since the European Union's General Data Protection Regulation took effect, its fingerprints are everywhere: from proliferating privacy laws worldwide to the now-ubiquitous consent banners seen across websites of every kind. For ...
1 year ago Darkreading.com Patchwork
Transcend enhances its privacy platform to address current and future compliance challenges - Transcend announced an expansion of its product suite-going even further to help the world's best brands manage complex privacy compliance challenges. Powering privacy for Fortune 100 companies, the global 2000s, and high-growth start-ups, Transcend ...
1 year ago Helpnetsecurity.com
Privacy Badger Puts You in Control of Widgets - The latest version of Privacy Badger replaces embedded tweets with click-to-activate placeholders. This is part of Privacy Badger's widget replacement feature, where certain potentially useful widgets are blocked and then replaced with placeholders. ...
1 year ago Eff.org
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
1 year ago Cysecurity.news
Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
1 year ago Bleepingcomputer.com
Year In Review: Google's Corporate Paternalism in The Browser - It's a big year for the oozing creep of corporate paternalism and ad-tracking technology online. Google and its subsidiary companies have tightened their grips on the throat of internet innovation, all while employing the now familiar tactic of ...
1 year ago Eff.org
Mine's $30M boost will bring AI-based privacy to the enterprise - The shift in regulation for both consumer and employee privacy in both the U.S. and the European Union has increased an enterprise's responsibilities around privacy for both their employees, as well as their customers. Ringel emphasized that their ...
1 year ago Venturebeat.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com
Fighting For Your Digital Rights Across the Country: Year in Review 2023 - EFF works every year to improve policy in ways that protect your digital rights in states across the country. Thanks to the messages of hundreds of EFF members across the country, we've spoken up for digital rights this year from Sacramento to ...
1 year ago Eff.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)