Google Chrome is set to fix a decades-old privacy issue tied to “purple links” that reveal users’ browsing history.
Starting with version 136, currently in beta, Chrome will block websites from using the “: visited” CSS selector to determine which links a user has clicked—an exploit that has been used by attackers for over 20 years.
In the past, malicious sites could detect whether certain links had been visited by checking if they changed color (typically to purple), thus gaining insights into a user’s browsing habits. Chrome 136 addresses this by partitioning link history per site and frame origin. This means only the original website where a link was clicked will be able to style it as visited—external or malicious sites will no longer be able to access this information.
For example, if you visit Website A and click on links to Website B, only Website A will be able to display those links as visited when you return. If Website B’s links appear on another site, they will remain unvisited (usually blue), preserving your privacy.
There is a small exception: a website can still recognize visits to its own pages. So, if you visit multiple Wikipedia pages, Wikipedia itself will display them as visited. However, this doesn’t apply to third-party links or iframes, so your broader browsing history remains protected.
The feature can be tested now by enabling the Chrome flag: chrome://flags/#partition-visited-link-database-with-self-links. Chrome is the first browser to roll out this protection, and other browsers may soon follow.
Found this article interesting? Follow us on X(Twitter) and FaceBook to read more exclusive content we post.
