Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide.
The update, set to be distributed over the coming days and weeks, addresses a range of vulnerabilities. However, its most notable change closes a privacy loophole that has persisted for over 20 years.
Since the early days of web browsing, browsers have visually distinguished visited links, usually with a different color, to help users navigate online.
However, this feature has harbored a serious privacy flaw: websites have been able to detect whether a user has visited certain links elsewhere by exploiting how browsers, including Chrome, handled the CSS :visited selector.
This loophole exposed users to potential tracking and profiling, as malicious sites could stealthily probe a user's browsing history based on the appearance of links.
According to a Cyber Security News report, with Chrome 136, Google has radically changed how visited links are tracked. The browser now employs a "triple-key partitioning" system, storing the visited status of links using three factors: the exact link URL, the top-level site, and the frame origin.
This means only the site where the link originates can access information about its visited status, closing the door on cross-site history sniffing once and for all.
Navigational cues remain intact for users within the same site but no longer compromise privacy across the web.
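The triple-key lookup described above can be modeled in a few lines. This is an added illustration, not Chrome's code: the store, the `siteOf` helper (which approximates a site as scheme plus the last two host labels) and all URLs are assumptions made for the example.

```javascript
// Added illustration: a toy model of visited-link storage, not Chrome's code.
// Assumption: "site" is approximated as scheme + last two host labels; a real
// browser derives the registrable domain from the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

// Pre-partitioning model: visited state is keyed by the link URL alone.
const legacyKey = (link) => new URL(link).href;

// Triple-key model: link URL + top-level site + frame origin.
const tripleKey = (link, topLevelUrl, frameUrl) =>
  JSON.stringify([new URL(link).href, siteOf(topLevelUrl), new URL(frameUrl).origin]);

function makeStore(keyFn) {
  const seen = new Set();
  return {
    recordClick: (...ctx) => { seen.add(keyFn(...ctx)); },
    isVisited: (...ctx) => seen.has(keyFn(...ctx)),
  };
}

// Constructed scenario; all URLs are made up.
function runScenario() {
  const link = 'https://bank.example/login';
  const news = 'https://news.example/story';
  const other = 'https://other.example/page';
  const widget = 'https://widget.example/embed';

  const legacy = makeStore(legacyKey);
  const partitioned = makeStore(tripleKey);
  // The user clicks the link on news.example, in the top-level document.
  legacy.recordClick(link, news, news);
  partitioned.recordClick(link, news, news);

  return {
    legacyCrossSite: legacy.isVisited(link, other, other),
    sameContext: partitioned.isVisited(link, news, news),
    crossSite: partitioned.isVisited(link, other, other),
    thirdPartyFrame: partitioned.isVisited(link, news, widget),
  };
}

console.log(runScenario());
```

With a URL-only key, any page that renders the link sees it as visited; with the triple key, only the original top-level site and frame origin do, so a different site or a third-party frame on the same page gets no signal.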
Security Fixes and Bug Bounties
Alongside this privacy breakthrough, Chrome 136 patches eight other security vulnerabilities, several discovered by independent researchers:
- A critical heap buffer overflow in HTML (CVE-2025-4096): Rewarded with $5,000.
- Two medium-severity issues in DevTools: Out-of-bounds memory access (CVE-2025-4050) and insufficient data validation (CVE-2025-4051), each earning $2,000.
- A low-severity bug in DevTools (CVE-2025-4052): Awarded $1,000.
Many more fixes stem from internal audits and advanced security technologies, including AddressSanitizer and MemorySanitizer, further securing the platform for all users.
The extended stable release (v136.0.7103.48/49) has also been updated for enterprise users, making these critical protections more widely available.
Google encourages all Chrome users to update their browsers as Chrome 136 rolls out. Users can expect upcoming blog posts highlighting new features and significant progress made in this release.
By finally closing a decades-old privacy gap, Chrome 136 sets a new standard for browser security and user trust, demonstrating Google's ongoing commitment to privacy-first innovation.