[_delirium]

Chrome is following Mozilla's change on this point, which was designed to solve the longstanding CSS history leakage problem, where a page could use computed styles to slurp your browsing history: http://blog.mozilla.com/security/2010/03/31/plugging-the-css...

Is it lying for all elements, though? It should only really be lying about the "visited" styling of links or sub-elements of links (it'll return the computed style as if they were unvisited).

[chrismeyer_]

Not for all elements, but even if they say that is not going to create issues, i am already noticing styling troubles here and there on the web. This is not a good practice. The CSS history leakage problem is not so serious. Much worse are timing attack based on your cached images to check your history. And they do exist. More over it seems that somebody already got a trick around Mozilla's fix http://privacylog.blogspot.com/2010/08/mozillas-css-visited-... Does anybody think there is a way to exploit even this ? If so, Mozilla's team should be informed.