Google has patched a significant vulnerability in its browser, one that has been around since day one and may have been used to snoop on your browsing habits.
If you've ever noticed how clicked links turn purple instead of staying blue, that tiny visual cue is at the heart of the issue. What looks like a simple feature actually opened the door to a two-decade-old privacy flaw that could quietly expose parts of your web history.
In a recent blog post, Google broke down how it worked: websites could style links using the :visited selector to show different colors if you had already clicked them, no matter where you had clicked them before. That meant other sites could run sneaky scripts to check which links were purple, and essentially peek at where you've been online.
Before partitioning, when you clicked a link it would show as :visited on every site displaying that link. | Image credit – Google
You are browsing on Site A and click a link to go to Site B. In this scenario, Site B would be added to your :visited history. Later, you might visit Site Evil, which creates a link to Site B as well. Without partitioning, Site Evil would display that link to Site B as :visited—even though you hadn't clicked the link on Site Evil. Then, Site Evil could use a security exploit to learn whether the link was styled as :visited, therefore learning that you have visited Site B in the past—leaking information about your browsing history.
– Google, April 2025
What this change does is make sure a link only shows up as visited if you have clicked on it before on that same site and in that same frame. In other words, no more sneaky cross-site tracking based on your browsing history.
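The difference comes down to how the visited-link record is keyed. The sketch below is an added example, not Google's or Chrome's code: it models the Site A / Site B / Site Evil scenario with a store keyed by link URL alone and one keyed by link URL, top-level site and frame origin. The class, the function names, the `.example` URLs and the scheme-plus-host notion of "site" are assumptions made for illustration.

```javascript
// Simplified model of a browser's visited-link store (illustrative, not Chrome's code).
// All URLs are constructed to mirror the Site A / Site B / Site Evil scenario.

// Reduce a URL to scheme + host: a stand-in for the browser's real "site" computation.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}`;
}

class VisitedStore {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Set();
  }
  // Unpartitioned: the key is the link URL alone, shared by every site.
  // Partitioned: the key also carries the top-level site and the frame's origin.
  key(linkUrl, topLevelUrl, frameUrl) {
    if (!this.partitioned) return linkUrl;
    return JSON.stringify([linkUrl, siteOf(topLevelUrl), new URL(frameUrl).origin]);
  }
  recordClick(linkUrl, topLevelUrl, frameUrl) {
    this.entries.add(this.key(linkUrl, topLevelUrl, frameUrl));
  }
  isVisited(linkUrl, topLevelUrl, frameUrl) {
    return this.entries.has(this.key(linkUrl, topLevelUrl, frameUrl));
  }
}

function runScenario(partitioned) {
  const store = new VisitedStore(partitioned);
  const siteA = "https://site-a.example/home";
  const siteB = "https://site-b.example/account";
  const siteEvil = "https://site-evil.example/";
  // The user clicks a link to Site B in Site A's main frame.
  store.recordClick(siteB, siteA, siteA);
  return {
    onSiteA: store.isVisited(siteB, siteA, siteA),            // same site, same frame
    onSiteEvil: store.isVisited(siteB, siteEvil, siteEvil),   // different top-level site
    // Site Evil's content embedded as a frame on Site A: same site, different frame.
    inEvilFrameOnA: store.isVisited(siteB, siteA, "https://site-evil.example/widget"),
  };
}

console.log("unpartitioned:", runScenario(false));
console.log("partitioned:  ", runScenario(true));
```

With the unpartitioned store all three lookups report the link as visited; with the partitioned store only the lookup from Site A's own frame does.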