Preloader

The Real Danger of Purple Links: Your Browsing History at Risk

The Real Danger of Purple Links: Your Browsing History at Risk

The Real Danger of Purple Links: Your Browsing History at Risk

A critical security issue, hidden for 22 years, was finally addressed in version 136 of Google Chrome. This vulnerability, dating back to 2002, allowed attackers to steal parts of users’ browsing history by tracking which links had been visited — a change that visually turned blue links to purple.

Originally designed for user convenience in the 1990s, this color change feature has long been standard in web browsers. However, attackers exploited it by embedding thousands of invisible links into web pages and using JavaScript to detect which links had already been visited — effectively revealing a portion of the user's browsing history.

Proven Malicious Uses

In 2010, researchers discovered that websites like YouPorn and companies such as Interclick used this technique to spy on users and analyze their behavior. Although browsers later restricted this method, more advanced variants emerged.

By 2018, a new vulnerability, CVE-2018-6137, enabled scanning up to 3,000 links per second. Most major browsers, except Tor, were vulnerable to it.

Why Is History Theft Dangerous?

  • Privacy Exposure: Attackers can blackmail users or serve highly deceptive content based on visited sites.
  • Service Identification: Hackers can find out which bank or service you use, and launch targeted phishing attacks.
  • Advanced Tracking: Browsing history, combined with cookies and fingerprinting, can uniquely identify and profile users.

What Has Been Done?

Since version 136, Google Chrome has enabled Visited Link Partitioning by default. This prevents websites from seeing which external links have been visited, by separating the visited-link data for each domain.

For example, if you click a link to centralbank.com on bank.com, the purple state only applies to that site. If the same link appears on another domain (e.g. banksupport.com), it remains blue.

How to Protect Your Browsing History

  • Keep your browser updated regularly
  • Use Incognito or Private Browsing mode when needed
  • Clear cookies and history frequently
  • Disable visited-link color changes
  • Use tracker blockers and anti-spyware tools like Kaspersky Premium

 

Source: MedadPress
 www.medadpress.ir