If you’ve spent a decent amount of time on the internet, you’ve probably noticed that blue links turn purple after you click on them. But you probably didn’t realize that this small detail facilitated a two-decades-old security flaw that could have revealed sensitive details about your browsing history, and which Google has only just patched.
Explaining the flaw in a recent blog, Google said the browser cookies indicating whether or not you click on a link were what it called “unpartitioned.” This meant that if you clicked a link, it would show as visited on every website displaying that link, even if it was completely unrelated.
Google called this a “core design flaw,” as it potentially leaked information about users’ online activity. “You are browsing on Site A and click a link to go to Site B,” explained Google. “In this scenario, Site B would be added to your visited history. Later, you might visit Site Evil, which creates a link to Site B as well.”
Google highlighted that “Site Evil” could then use this security exploit to learn whether the link was styled as visited, finding out that you’ve visited Site B in the past, leaking information about your browsing history in the process.
The search giant has now corrected the flaw in the latest Chrome update and will store data on which links you click separately, without sharing the data across different websites. The fix is set to roll out in Chrome 136 and is already available via the Chrome Beta channel.
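The difference between the unpartitioned and the partitioned behaviour, modelled as an added example (not code from Google or from this article). The class and function names, the `.example` hostnames, and the use of top-level site plus frame origin as the partition key are assumptions of the example.

```javascript
// Simplified model of a browser's visited-link store (constructed example,
// not Chrome source). The partition key fields are a modelling assumption.
class VisitedLinkStore {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    this.entries = new Set();
  }

  // Build the lookup key for a link clicked or rendered in a given context.
  key(linkUrl, topLevelSite, frameOrigin) {
    const url = new URL(linkUrl).href; // normalise the link target
    return this.partitioned
      ? JSON.stringify([url, topLevelSite, frameOrigin])
      : JSON.stringify([url]); // legacy: one global entry per URL
  }

  // Called when the user clicks a link inside some page context.
  recordClick(linkUrl, topLevelSite, frameOrigin = topLevelSite) {
    this.entries.add(this.key(linkUrl, topLevelSite, frameOrigin));
  }

  // Would the renderer style this link as visited in this context?
  isStyledVisited(linkUrl, topLevelSite, frameOrigin = topLevelSite) {
    return this.entries.has(this.key(linkUrl, topLevelSite, frameOrigin));
  }
}

// Replays the Site A / Site B / Site Evil scenario against one store.
function replayScenario(store) {
  const siteA = "https://site-a.example";
  const siteEvil = "https://site-evil.example";
  const siteB = "https://site-b.example/";
  store.recordClick(siteB, siteA); // user clicks the Site B link on Site A
  return {
    onSiteA: store.isStyledVisited(siteB, siteA),
    onSiteEvil: store.isStyledVisited(siteB, siteEvil),
    // Same link inside a Site Evil frame embedded on Site A.
    evilFrameOnSiteA: store.isStyledVisited(siteB, siteA, siteEvil),
  };
}

const legacy = replayScenario(new VisitedLinkStore({ partitioned: false }));
const fixed = replayScenario(new VisitedLinkStore({ partitioned: true }));
console.log({ legacy, fixed });
```

With the single global entry, every context sees the Site B link as visited; with the partitioned key, only the context where the click happened does.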
The flaw is older than many Google employees. Security researcher Andrew Clover posted a proof-of-concept attack based on the flaw in 2002, citing a paper by Princeton researchers called “Timing Attacks on Web Privacy.”
It’s not just Google Chrome that was impacted by the problem. A 2009 research paper demonstrated how the bug caused potential security issues in Apple’s Safari, Opera, Internet Explorer, and Mozilla Firefox, The Register reports.
About Will McCurdy
Contributor
