Technology 2 min read

New Chrome Update Raises Fresh Privacy Concern

A researcher believes that Google's recent update to its Chrome browser, which allows deep links without anchors, could become a potential privacy concern.

slyellow / Shutterstock.com

slyellow / Shutterstock.com

Google‘s latest Chrome update — Chrome 80 — is under scrutiny for what could potentially become a significant privacy concern.

Before now, Google depended on an anchor created by a site owner to link a single word to text. Well, not anymore.

In its latest version of the browser, the tech giant implemented a new capability called ScrollToTextFragment. This will enable deep links to web documents, and doesn’t require an anchor.

In other words, anyone will now be able to create a link to a specific piece of text within a document.

Describing the feature in its press release, Google wrote:

“This feature allows a user or author to link to a specific portion of a page, using a text snippet provided in the URL. When the page is loaded, the browser highlights the text and scrolls it into view.”

According to the search engine giant, the new capability is useful. It’ll “allow the link-creator to specify which portion of the page is interesting, without relying on author annotations.”

So why are privacy pundits anxious?

The Privacy Concern That Comes With ScrollToTextFragment

Privacy researcher at Brave Browser, Peter Snyder, points out that bad actors can exploit ScrollToTextFragment.

In a statement to The Register, Snyder said:

“Consider a situation where I can view DNS traffic (e.g., company network), and I send a link to the company health portal, with [the anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.”

The privacy researcher added in a tweet that Chrome 80 imposes privacy risk on the existing website. What’s more, ScrollToTextFragment crosses a line that it should not cross.

Chrome 80 already raised privacy concerns on Github prior to its release date. However, a Chromium Engineer, David Bokan, says that the team discussed the security issues and decided to ship anyway.

We discussed this and other issues with our security team, and, to summarize, we understand the issue but disagree on the severity,” says Bokan. “So we’re proceeding with allowing this without requiring opt-in (though we are still working on adding an opt-in/out).”

At the moment, only the Chrome browser supports ScrollToTextFragment.

Read More: Microsoft Will no Longer Impose Bing Search on Chrome and Firefox

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.