Chrome 136 Finally Kills 23-Year-Old Browser History Sniffing Vulnerability

Popular：

Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Chrome 136 Finally Kills 23-Year-Old Browser History Sniffing Vulnerability

2025-04-12

A 23-year-old vulnerability allowing websites to sniff users' browsing history through CSS :visited pseudo-class is finally being eradicated in Chrome 136. Previous attempts to mitigate the issue, which involved checking link colors to determine if a page had been visited, proved insufficient. Chrome 136 introduces a novel 'partitioning' mechanism, linking visited history to the link URL, top-level domain, and frame origin, preventing cross-site access to browsing history. This breakthrough represents a significant leap forward in browser privacy and concludes a decades-long arms race between attackers and defenders.

(www.theregister.com)

Tech

Rust GPU: Bringing Shadertoy Shaders to Rust

The Mystery of the IBM PC's 'Little House' Character: The Origins of DEL (0x7F)