Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 29811 by simon.bohlin: Leaking browser history through computed CSS style for A:visited (old news: 2008, but still relevant and seemingly easy to fix)
http://code.google.com/p/chromium/issues/detail?id=29811

Chrome Version : Chrome 2-4
URLs (if applicable) : http://browserspy.dk/css-exploit.php

Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 4: FAIL
Firefox 3.x: FAIL, unless using a plugin
IE 7: FAIL
IE 8: ?

What steps will reproduce the problem?
1. Visit www.facebook.com
2. Visit http://browserspy.dk/css-exploit.php or http://startpanic.com/
3. Notice that they know where you've been!

Testing can be done for any URL.

The issue is that computed CSS style for A:visited isn't protected from scripting access. Limiting based on base domain name could be enough, although I never saw any websites actually needing to spy on visited pages via javascript.

More discussion:
http://code.google.com/p/google-caja/wiki/HistoryMining
http://whattheinternetknowsaboutyou.com/docs/details.html
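
The restriction suggested in the report (script-visible style reveals visited state only for links under the page's own base domain), modelled as an added example that is not part of the original report and is not Chromium code. The colour values, the function names, the sample URLs and the two-label base-domain rule are assumptions made for illustration.

```javascript
// Constructed model: decides what link colour a page's script may observe,
// applying the "limit by base domain" idea from the report.
const UNVISITED = "rgb(0, 0, 238)";
const VISITED = "rgb(85, 26, 139)";

// Assumption: base domain = last two host labels. A real browser would use the
// Public Suffix List, since this rule is wrong for hosts such as example.co.uk.
function baseDomain(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split(".").slice(-2).join(".");
}

// Colour actually painted on screen: depends on the true history.
function paintedColor(linkUrl, visited) {
  return visited.has(new URL(linkUrl).href) ? VISITED : UNVISITED;
}

// Colour reported to script (the computed-style path in this model).
// Visited state is only revealed for links under the page's own base domain.
function scriptVisibleColor(pageUrl, linkUrl, visited) {
  let sameSite;
  try {
    sameSite = baseDomain(pageUrl) === baseDomain(linkUrl);
  } catch (e) {
    return UNVISITED; // unparsable URL: reveal nothing
  }
  return sameSite ? paintedColor(linkUrl, visited) : UNVISITED;
}

// Constructed sample history and probes.
const sampleHistory = new Set([
  "http://www.facebook.com/",
  "http://shop.example.com/cart",
]);

function demo() {
  const page = "http://www.example.com/index.html";
  return [
    "http://www.facebook.com/",      // visited, other base domain
    "http://shop.example.com/cart",  // visited, same base domain
    "http://shop.example.com/other", // not visited
  ].map((link) => scriptVisibleColor(page, link, sampleHistory) === VISITED);
}
console.log(demo());
```

In this model the link is still painted in the visited colour on screen; only the value handed back to script is withheld for other base domains.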