Please consider enabling chrome://flags/#reduced-referrer-granularity and chrome://flags/#prefetch-privacy-changes by default. The former is purely privacy-related, I don't know if you are already doing something similar. The latter prevents data leakage as described here:
https://terjanq.github.io/Bug-Bounty/Google/cache-attack-06jd2d2mz2r0/index.html
Here is the "Intent to implement" in Chromium:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/bSMOY-evrV4
I have raised the same issue in the Brave browser repo, with the result that the flags got enabled by default:
https://github.com/brave/brave-browser/issues/8319
I have also raised this issue in the Vanadium and Ungoogled Chromium repos (still under review):
https://github.com/Eloston/ungoogled-chromium/issues/1117
https://github.com/GrapheneOS/Vanadium/issues/71
Thank you for your attention.
@Peacock365 as you used the issue template for Brave, the same should have been done here.
@csagan5
_I add the issue template now, although I must say that I have consciously foregone it, since it adds no valuable info in this case at all. But anyway, here it is:_
I did search the issue tracker, FAQ, and ReadMe.
### Is your feature request related to privacy?
Yes.
### Is there a patch available for this feature somewhere?
Brave patched this, but the exact patch can鈥榯 be reused for Bromite.
### Describe the solution you would like
Enable chrome://flags/#reduced-referrer-granularity and chrome://flags/#prefetch-privacy-changes by default.
### Describe alternatives you have considered
Leaving them at default / disabled, at a privacy loss. Not really an alternative considering the goal here is to improve privacy, however. Not enabling them also means that this issue is RESOLVED WONTFIX automatically.
It seems to me that the compatibility risk here is low, as the Brave developers pointed out. However, the privacy gain here is considerable, since enabling these two flags will introduce a better referer header policy, and prevent leakage of arbitrary amounts of information in case the cache is targeted.
I have consciously foregone it, since it adds no valuable info in this case at all
The templates are needed to keep the issue tracker organized; the template you used for Brave is for a bug report while here we also have a template for a feature request.
I will consider enabling these two for next release.
Fixed in 84.0.4147.106.
Most helpful comment
Fixed in
84.0.4147.106.