Google has fixed a decades-old flaw in Chrome that could let websites see your browsing history based on visited link colors.
In a recent blog post, Google explained that cookies used to track clicked links were “unpartitioned.” This meant if you clicked a link on one site, it would appear as visited on any site showing the same link, even if unrelated.
Google called this a “core design flaw” that allowed malicious sites to detect your past activity. For example, if you clicked a link to Site B while browsing Site A, a later visit to a malicious site could reveal that you had visited Site B.
The issue is now fixed in Chrome version 136. Visited-link data will be stored separately for each site, blocking this type of tracking. The update is available now in the Chrome Beta channel.
The flaw was first demonstrated in 2002 by researcher Andrew Clover and was based on a 2000 paper from Princeton. A 2009 study also found similar vulnerabilities in Safari, Opera, Internet Explorer, and Firefox.
