A Groundbreaking Privacy Revamp

In an exciting announcement, Google is set to address a long-standing privacy flaw that has haunted users for nearly two decades. This vulnerability allowed websites to uncover your browsing history simply by tracking previously visited links.

The Sneaky Problem Behind :visited Links

The issue stems from the way websites are able to style links as ':visited.' Normally, when you visit a link, it changes color, typically from blue to another hue, indicating prior clicks. This seemingly harmless feature has been exploited by cunning scripts from various sites, resulting in potential leakage of users’ browsing histories.

A Major Security Risk

What's at stake here is not just a theoretical risk—this privacy issue poses tangible security threats including user tracking, profiling, and even phishing attacks. Over the years, researchers have showcased various exploits made possible by this flaw, including methods relating to timing, pixel tracking, and more.

The Game-Changing Solution in Chrome 136

However, relief is on the horizon! The upcoming Google Chrome version 136 is set to revolutionize link privacy by introducing a triple-key partitioning system for ':visited' links. This means that links will now be stored using three unique keys: the link URL, the top-level site domain, and the frame origin. This groundbreaking change ensures that a link will only be marked as visited on the specific site that the user navigated from, effectively blocking any cross-site history leaks.

Keeping Usability Intact

To maintain user experience, Google has smartly included a "self-links" exception. This means if you click on a link within a site, it can still register as visited, even if accessed via another site—minimizing the risk of history leaks while still keeping navigation smooth.

How to Activate the New Feature

Wondering how to enable this exciting new feature? It was initially introduced as an experimental option in Chrome version 132 and is expected to become the default setting in version 136. Until then, users can activate it manually by typing chrome://flags/#partition-visited-link-database-with-self-links in the address bar and selecting 'enabled.' Do keep in mind, this feature is still in its experimental phase, so its functionality may vary.

The Competition: What Are Other Browsers Doing?

While Chrome is leading the charge to fix this crucial issue, other major browsers like Firefox have only partially tackled the ':visited' styles risk by limiting potential styles and blocking JavaScript access, but they lack the robust isolation solution that Chrome is implementing.

With Chrome 136 on the horizon, users can look forward to enhanced privacy, making online browsing not just safer, but a more confident experience!