Quote:A team of Stanford and UC San Diego researchers published the research paper Browser history re:visited recently in which four new, and working, browsing history sniffing attacks are revealed to the public.

Attacks that attempt to find out which sites a user visited are not anything new. Mozilla, for example, plugged a leak in 2010 that allowed site owners to use CSS to check a list of sites against a user's browsing history using CSS.

The researchers found attacks that date back to 2002 using the :visited selector to determine whether a user on the site visited a linked resource previously.

The leak attacks affect all modern browsers that don't block the storing of the browsing history; in other words, Firefox, Chrome, Internet Explorer and Microsoft Edge are vulnerable while Tor Browser is not.

Most web browsers keep track of the visited resources by default; this is a convenience feature that is baked into the browser. Browsers may suggest these resources again when users type into the address bar and users may search visited sites in case they need to revisit them but can't remember the exact URL anymore.

Full reading: https://www.ghacks.net/2018/11/04/browser-history-sniffing-is-still-a-thing/