Posted March 7

Google Chrome 136 Stable is now available for all supported platforms. The new version of Google's browser is a security and feature update.

Users on unmanaged devices should receive the update automatically. Desktop users may speed up the installation by selecting Menu > Help > About Google Chrome, or by loading the address chrome://settings/help directly in the address bar.

Chrome should pick up the update automatically when the page is opened. A restart is required to finish the update.

Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links.

The problem arises from allowing sites to style links as ':visited,' meaning showing them as another color instead of the default blue if a user had previously clicked on them. The system displays this color change regardless of which site they were on when they clicked the link, allowing other sites to potentially use creative scripts that leak the user's browsing history.

[Image: Overview of the problem. Source: Google]

The issue isn't just a theoretical privacy concern for users but also introduces a series of real security liabilities that enable tracking, profiling, and phishing.

Researchers demonstrated multiple classes of attacks in the past linked to this privacy gap, including timing, pixel, user interaction, and process-level attacks.

The upcoming release of Google Chrome, version number 136, will finally address the 20-year problem by implementing a triple-key partitioning of "visited" links.

Instead of storing link visits globally, Chrome now partitions each visited link using three keys, namely link URL (link target), top-level site (address bar domain), and frame origin (origin of the frame where the link is rendered).

This ensures that a link will only appear as :visited on the same site and in the same frame origin where the user previously clicked it, eliminating cross-site history leaks.

[Image: The implemented solution. Source: Google]

To preserve usability, Google added a "self-links" exception, so visited links of a site will still be marked as visited on that site even if the user clicked them from a different site.

A website already knows which pages the user has visited, so this exception does not introduce an unwanted history leak.

Google says completely deprecating the :visited selector would eliminate valuable UX cues, so that was ruled out from the proposal's goals. Another rejected solution was to use a permissions-based model, as that would be easy to bypass or even abuse by manipulative websites.

How to enable

The new :visited isolation was introduced as an experimental feature on Chrome version 132 and is expected to be turned on by default on Chrome 136 (upcoming).

From Chrome 132 to 135 (latest), users can enable the feature by entering chrome://flags/#partition-visited-link-database-with-self-links in the address bar and setting the option to 'enabled.'

[Image: Enabling the experimental feature on Chrome. Source: BleepingComputer]

The feature isn't stable yet, so it might not work as expected in all situations.

On other major browsers the :visited styles risk remains partially unaddressed.

Firefox limits what styles are applied to :visited and blocks JavaScript from reading them, but there's no partitioning to isolate them from sophisticated attack vectors.

Windows 11/10 Silent installation
https://www.mediafire.com/file/y3i84mknebsjmwl/Google+Chrome+136.0.7103.49+AIO+Silent+Install.7z/file
https://seyarabata.com/68122b7b9a8f7

Windows 7/8 Silent installation
Google Chrome 109.0.5414.168 AIO windows 7 last version Install Silent
https://www.mediafire.com/file/y480s6kyzu9k81l/Google+Chrome+109.0.5414.168+AIO+Install+Silent.7z/file
https://mir.cr/0GHBFW82

Edited 16 hours ago by T3rM1nat0Rr3
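
The triple-key partitioning and the "self-links" exception described in the post above can be modelled in a few lines. This is an added example, not part of the original post and not Chrome's source code; the class names, the `siteOf` helper and the `.example` hosts are constructed for illustration, and the "site" calculation is a simplification.

```javascript
// Added model of triple-key :visited partitioning; not Chrome's source code.
// Simplification (assumption): "site" = scheme + last two host labels. A real
// browser uses the Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split('.').slice(-2).join('.')}`;
}

const keyOf = (link, topLevelSite, frameOrigin) =>
  JSON.stringify([new URL(link).href, topLevelSite, frameOrigin]);

class GlobalVisitedStore {            // old behaviour: one key (the link URL)
  constructor() { this.seen = new Set(); }
  recordClick(link) { this.seen.add(new URL(link).href); }
  isVisited(link) { return this.seen.has(new URL(link).href); }
}

class PartitionedVisitedStore {       // link URL + top-level site + frame origin
  constructor() { this.seen = new Set(); }
  recordClick(link, topLevelSite, frameOrigin) {
    this.seen.add(keyOf(link, topLevelSite, frameOrigin));
    // Self-links exception: the destination site may style its own page as
    // visited, since it already knows the user loaded it.
    this.seen.add(keyOf(link, siteOf(link), new URL(link).origin));
  }
  isVisited(link, topLevelSite, frameOrigin) {
    return this.seen.has(keyOf(link, topLevelSite, frameOrigin));
  }
}

// Constructed scenario: the user clicks a bank.example link on news.example.
function scenario() {
  const link = 'https://bank.example/login';
  const news = 'https://news.example';
  const legacy = new GlobalVisitedStore();
  const part = new PartitionedVisitedStore();
  legacy.recordClick(link);
  part.recordClick(link, news, news);
  return {
    legacyAnySite: legacy.isVisited(link),                 // any page sees it
    sameContext: part.isVisited(link, news, news),
    otherTopLevelSite: part.isVisited(link, 'https://tracker.example', 'https://tracker.example'),
    crossOriginFrame: part.isVisited(link, news, 'https://ads.example'),
    selfLink: part.isVisited(link, 'https://bank.example', 'https://bank.example'),
  };
}
```

Calling `scenario()` shows the link styled as visited only in the context where it was clicked and on the destination site itself, while the unpartitioned store reports it to every page.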
April 16 Author

The Stable channel has been updated to 135.0.7049.95/.96 for Windows, Mac and 135.0.7049.95 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][409619251] Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09
[TBD][405292639] High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvi Kumar Bommana
Google Chrome