Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Chrome To Patch Decades-Old 'Browser History Sniffing' Flaw That Let
Sites Peek At Your History

Link: https://yro.slashdot.org/story/25/04/12/20542...

Slashdot reader king*jojo shared this article from The Register: A 23-year-
old side-channel attack for spying on people's web browsing histories will
get shut down in the forthcoming Chrome 136, released last Thursday to the
Chrome beta channel. At least that's the hope. The privacy attack, referred
to as browser history sniffing, involves reading the color values of web
links on a page to see if the linked pages have been visited previously...
Web publishers and third parties capable of running scripts, have used this
technique to present links on a web page to a visitor and then check how the
visitor's browser set the color for those links on the rendered web page...
The attack was mitigated about 15 years ago, though not effectively. Other
ways to check link color information beyond the getComputedStyle method were
developed... Chrome 136, due to see stable channel release on April 23, 2025,
"is the first major browser to render these attacks obsolete," explained Kyra
Seevers, Google software engineer in a blog post. This is something of a
turnabout for the Chrome team, which twice marked Chromium bug reports for
the issue as "won't fix." David Baron, presently a Google software engineer
who worked for Mozilla at the time, filed a Firefox bug report about the
issue back on May 28, 2002... On March 9, 2010, Baron published a blog post
outlining the issue and proposing some mitigations...

Read more of this story at Slashdot.

---
VRSS v2.1.180528