Slashdot: Chrome To Patch Decades-Old ‘Browser History Sniffing’ Flaw That Let Sites Peek At Your History

Apr 12, 2025

—

Source URL: https://yro.slashdot.org/story/25/04/12/2054251/chrome-to-patch-decades-old-browser-history-sniffing-flaw-that-let-sites-peek-at-your-history?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Chrome To Patch Decades-Old ‘Browser History Sniffing’ Flaw That Let Sites Peek At Your History

Feedly Summary:

AI Summary and Description: Yes

Summary: The article discusses a significant update in the Chrome browser that aims to mitigate a long-standing privacy attack known as “browser history sniffing.” This side-channel attack leverages color values of links to infer a user’s web browsing history, and the upcoming Chrome 136 release is intended to effectively eliminate this vulnerability.

Detailed Description: The provided text highlights critical advancements in the realm of browser security, specifically focusing on a vulnerability associated with user privacy. The implications of this action are noteworthy for security and compliance professionals, particularly concerning web browsing analytics and privacy controls.

– **Background of the Vulnerability**:
– The attack method, identified as browser history sniffing, utilizes the method of detecting link color changes to ascertain whether a user has previously visited specific web pages.
– This type of attack emerged as a concern over 15 years ago but was not resolved effectively until now.

– **Mitigation Efforts**:
– The Chrome 136 update, scheduled for stable release in April 2025, is characterized as the first major browser version positioned to neutralize these attacks effectively.
– Historically, Google’s Chrome team had deemed this issue as not fixable on previous occasions, marking it as “won’t fix” in past bug reports.

– **Insights from Industry Experts**:
– Kyra Seevers, a Google software engineer, emphasized that this development marks a significant turnaround for Chrome.
– David Baron, also a key figure in browser development, highlighted that this attack has been an issue recognized for many years, dating back to his initial bug report in 2002.

– **Implications for Professionals**:
– With privacy concerns mounting globally, the resolution of such vulnerabilities emphasizes the importance of browser security updates.
– Organizations relying on secure web applications must stay informed of browser vulnerabilities and corresponding patches to protect user data and maintain trust.

This development underscores ongoing efforts to enhance web security standards and reflects a growing awareness of the necessity to prevent such side-channel attacks to safeguard user privacy and compliance with regulations.

1 2 2025 3 4 5 a Act advancement advancements AI analytics and app Application applications art as attack attack method attacks awareness browser browser development browser security Bug bug reports C Casio CERN channel attack channel attacks Chrome Chrome browser CI CIA co Col compliance compliance professionals concerns control controls core critical D data de development DoT e effective end Engineer EU event exp expert Experts first for g Go Google H high Highlight HR http HTTPS implications in industry industry experts insights IRS ite J k Key l law led Li Link lm long man mitigation mitigation efforts N neutral no non o of on one OPM organization organizations ory over Patch patches pre privacy privacy concerns privacy control privacy controls professionals R rag RCE real Regulation regulations release report resolution Ro RoT Rust s safe sec secure security security and compliance security standards security update security updates side side-channel attack side-channel attacks Sig SoC software software engineer source specific SSE SSO standards T team text the to Tor TP trust turn type under up update updates US use user user data user privacy V val version vulnerabilities vulnerability Ware web web application web applications web browsing Web Security Wi x