Summary: A security flaw that has been a part of Chrome since the beginning is finally being fixed in version 136. This flaw could allow parts of your search history to be exposed.
Google has recently patched a major vulnerability in Chrome that has been tracking users for many years. Somehow, this vulnerability has been around since day one. Keep in mind, Chrome first launched in September 2008, so this bug has been around for 16 years.
You are undoubtedly aware that, when you search for something, links appear blue or purple, with the purple links being ones that you’ve visited before. Well that was the door that opened the privacy flaw. Which could expose parts of your web history, quietly.
Essentially, the problem was that links would show as purple if you had already clicked them, no matter where you clicked them before. This would allow other sites to run sneaky scripts to check which links were purple and essentially see where you’ve been.
Google calls this a “core design flaw” in Chrome
Obviously, this is getting really in the weeds, but Google says that this isn’t just about privacy but a “core design flaw” in the browser. This is because it introduced real security risks, including tracking, profiling, and even phishing. Thankfully, the fix is finally here, 16 years later.
To address this issue, the next update to Chrome will bring triple-key partitioning. This will keep Chrome from tracking visited links globally. Instead, it will now use three things before marking a link as “visited”. Which is the link’s actual URL, the top-level site you are on, and the frame origin where the link appears. Basically, it will only show up purple as a visited site if you have clicked on that same link before on that same site and in that same frame. So you will be seeing many fewer purple links.
Google says that this fix is set to go live in late April as part of Chrome version 136.
