December 9, 2023

Google has changed the way one of chrome’s core components works to add additional privacy protection to users. This Chrome browser component, known as http cache or shared cache, works by saving copies of resources loaded on a Web page, such as pictures, CSS files, and JavaScript files.

The idea is that chrome will load the same files from its internal cache when users visit the same site again or visit other sites that use the same files, rather than wasting time re-downloading each file.

This component exists not only within Chrome, but also within all web browsers from an early age, as a bandwidth-saving feature. In all browsers, the caching system usually works in the same way. Each picture, CSS, or JS file saved in the cache receives a storage key, which is usually the URL of the resource.

For example, the storage key for an image is the image URL itself: https://x.example/doge.png, and when a browser loads a new page, it searches for the key (URL) in its internal cache database and sees if a picture needs to be downloaded or loaded from the cache.

Online advertising and analytics companies have realized that this feature can also be abused to track users. Detect if a user has visited a particular website. Commercial competitors can detect a user’s browsing history by checking the cache for resources that might be a particular site or group of sites, and the cache can also be used to store cookie-like identifiers as a cross-site tracking mechanism.

Google has introduced a major change to the mechanism called “cache partitioning,” works by changing the way resources in the HTTP cache are stored based on two additional factors. From now on, the storage key for a resource will contain three items, not one.

Chrome effectively blocks all past attacks on its caching mechanism by adding additional key to the cache preload check, because most site components will only be able to access their own resources and not check for resources they have not created.

Google has been testing cache partitions since the Release of Chrome 77 in September 2019 and says the new system will have no impact on users or developers.

Cache partitions are currently only active in Chrome browsers, but can also be used by other browsers based on Chrome open source, all of which are most likely to deploy it in the coming months.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.