Nik Cubrilovic found something interesting:

I have recently discovered two privacy issues with Google Chrome that users should be aware of. They both relate to browsing history data not being deleted despite the user taking action to delete browsing history.

That’s the intro to Cubrilovic’s post, but it is a bit misleading. Basically Chrome clears your browsing history in the history menus, but not two settings:

  1. Zoom level info
  2. Prefetched DNS stuff

What this means is that if you change the zoom level on a site or the DNS is prefetched for the domain, that domain will be recorded and not removed in two files within Chrome. Now you have to know about this, as people around you are not likely to stumble on this information.

However, as Cubrilovic points out, this is a potential area of vulnerability on a publicly shared computer — especially with Chrome’s surge in usage.

I think more importantly this is one of those areas where a function works in a way that the user didn’t assume it would work. I think most users would assume nuking the browsing history would nuke it everywhere — I wonder if Safari and Firefox have these issues too.


Posted by Ben Brooks