A newly released Chrome update aims to address a long-standing security threat known as browser history sniffing. This exploit allows web publishers to determine which links users have previously visited based on the color values of rendered hyperlinks. Despite efforts to mitigate this weakness over the years, it has persisted for over two decades. Google's software engineer, Kyra Seevers, emphasizes the severity of the issue and the importance of this update in enhancing user privacy while browsing the web.
When this technique first emerged, this could be done by including a script on the page that iterates through all the links on the page using the browser's window.getComputedStyle method and records the color used to render them.
These attacks can reveal which links a user has visited and leak details about their web browsing activity, explained Kyra Seevers, Google software engineer.
The privacy attack, referred to as browser history sniffing, involves reading the color values of web links on a page to see if the linked pages have been visited previously.
This security problem has plagued the web for over 20 years, and browsers have deployed various mitigations, but the threat has persisted.
Collection
[
|
...
]