Google has released Chrome 136 to the stable channel for Windows, Mac, and Linux, introducing significant privacy and security enhancements. The most notable fix addresses a 20-year-old privacy flaw in the browser’s handling of the CSS :visited selector, which previously allowed websites to infer users’ browsing history. Chrome 136 introduces triple-key partitioning (link URL, top-level site, and frame origin) to prevent cross-site visited link tracking, enhancing user privacy without affecting same-site usability. The update also patches eight security vulnerabilities, including a high-severity heap buffer overflow (CVE-2025-4096) and several DevTools bugs, with rewards paid to external researchers. The extended stable channel has been updated for enterprise users. Google urges users to update promptly to benefit from these critical protections.

‍