Chrome Changes How Its Cache System Works for Privacy

Google has changed how a core component of the Chrome browser works in order to add additional privacy protections for its users. From a report: Known as the HTTP Cache or the Shared Cache, this Chrome component works by saving copies of resources loaded on a web page, such as images, CSS files, and JavaScript files. The idea is that when a user revisits the same site or visits another website where the same files are used, Chrome will load them from its internal cache, rather than waste time re-downloading each file all over again.

[…] With Chrome 86, released earlier this week, Google has rolled out important changes to this mechanism. Known as “cache partitioning,” this feature works by changing how resources are saved in the HTTP cache based on two additional factors. From now on, a resource’s storage key will contain three items, instead of one: The top-level site domain (http://a.example), the resource’s current frame (http://c.example), and the resource’s URL (https://x.example/doge.png). By adding additional keys to the cache pre-load checking process, Chrome has effectively blocked all the past attacks against its cache mechanism, as most website components will only have access to their own resources and won’t be able to check resources they have not created themselves.

More at