Google has changed how a core component of the Chrome browser works in order to add additional privacy protections for its users.
Known as the HTTP Cache or the Shared Cache, this Chrome component works by saving copies of resources loaded on a web page, such as images, CSS files, and JavaScript files.
The idea is that when a user revisits the same site or visits another website where the same files are used, Chrome will load them from its internal cache, rather than waste time re-downloading each file all over again.
This component has been present not only inside Chrome but inside all web browsers since the early days of the internet, where it served as a bandwidth-saving feature.
In all browsers, the cache system usually works in the same way. Each image, CSS, or JS file saved in the cache receive a storage key that is usually the resource's URL.
For example, the storage key for an image would be the image URL itself: https://x.example/doge.png.
When the browser loads a new page, it would search for the key (URL) inside its internal cache database and see if it needed to download the image or load it from the cache.
The old HTTP Cache system was open to abuse
Unfortunately, across the years, web advertising and analytics firms realized that this very same feature could also be abused to track users.
"This mechanism has been working well from a performance perspective for a long time," said Eiji Kitamura, Developer Advocate at Google.
"However, the time a website takes to respond to HTTP requests can reveal that the browser has accessed the same resource in the past, which opens the browser to security and privacy attacks."
These include the likes of:
- Detect if a user has visited a