Chrome 136 eliminates browser history spying risk
- Browser history sniffing is a privacy attack that checks link colors to determine a user's browsing history.
- Chrome 136, set to release in April 2025, will effectively eliminate the risk of these attacks through partitioning.
- This advancement represents a major step forward in ensuring user privacy online.
For years, a privacy vulnerability known as browser history sniffing has let websites infer individuals’ browsing histories through CSS pseudo-classes. The attack exploits the :visited pseudo-class, revealing whether a user has previously accessed a link by checking color rendering variations. Despite attempts to mitigate this issue over the past 20 years, it remained a persistent threat.

In April 2025, with the anticipated release of Chrome 136, Google claims to have addressed this longstanding issue effectively. The browser will now separate users' visited link histories, partitioning them based on the context in which the links were accessed. This means that the :visited history is no longer accessible as a global list by any website. Instead, it is divided according to the specific site context, drastically reducing privacy risks.

The significance of this change is underscored by commentary from Kyra Seevers, a Google software engineer, who noted the risks that history detection attacks have posed for years and how the new partitioned approach improves user privacy. Browsers have previously deployed various stop-gap measures to defend against such attacks, but these failed to offer a complete resolution. Because web publishers and third parties with scripting abilities could still exploit these privacy loopholes, the need for a comprehensive solution was pressing. Chrome 136’s partitioning mechanism is poised to deliver a substantial advancement in protecting user privacy online, making it a landmark development for web security.
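The difference between a global visited list and a partitioned one can be modelled in a few lines. This is an added illustration, not Chrome's code: the class names and URLs are hypothetical, and the partition key of link URL, top-level site and frame origin is an assumption taken from Chrome's public description of the feature, since the article itself says only "context".

```javascript
// Added illustration: a model of :visited lookup, not Chrome's implementation.
// Assumption: the partition key is (link URL, top-level site, frame origin).

// Simplification: treat scheme + last two host labels as the "site".
// Real browsers consult the Public Suffix List for this.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

// Pre-partitioning model: one global list shared by every page.
class GlobalVisitedStore {
  constructor() { this.links = new Set(); }
  recordClick(linkUrl) { this.links.add(new URL(linkUrl).href); }
  isStyledVisited(linkUrl) { return this.links.has(new URL(linkUrl).href); }
}

// Partitioned model: a link counts as visited only in the context where it was clicked.
class PartitionedVisitedStore {
  constructor() { this.entries = new Set(); }
  key(linkUrl, topLevelUrl, frameUrl) {
    return JSON.stringify(
      [new URL(linkUrl).href, siteOf(topLevelUrl), new URL(frameUrl).origin]);
  }
  recordClick(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    this.entries.add(this.key(linkUrl, topLevelUrl, frameUrl));
  }
  isStyledVisited(linkUrl, topLevelUrl, frameUrl = topLevelUrl) {
    return this.entries.has(this.key(linkUrl, topLevelUrl, frameUrl));
  }
}

// Constructed scenario: the user clicks a link to bank.example from news.example.
function demo() {
  const link = 'https://bank.example/login';
  const clickedOn = 'https://news.example/article';
  const before = new GlobalVisitedStore();
  before.recordClick(link);
  const after = new PartitionedVisitedStore();
  after.recordClick(link, clickedOn);
  return {
    globalSeenByOtherSite: before.isStyledVisited(link),
    partitionedSeenWhereClicked: after.isStyledVisited(link, clickedOn),
    partitionedSeenByOtherSite: after.isStyledVisited(link, 'https://tracker.example/'),
    partitionedSeenInThirdPartyFrame:
      after.isStyledVisited(link, clickedOn, 'https://ads.example/frame'),
  };
}
```

In the global model every page gets the same answer for a given link; in the partitioned model only the page where the click happened sees the link as visited.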