We present four new history sniffing attacks. Our attacks fit into two classical categories—visited-link attacks and cache-based attacks—but abuse new, modern browser features (e.g., the CSS Paint API and JavaScript bytecode cache) that do not account for privacy when handling cross-origin URL data. We evaluate the attacks against four major browsers (Chrome, Firefox, Edge, and IE) and several security-focused browsers (ChromeZero, Brave, FuzzyFox, DeterFox, and the Tor Browser). Two of our attacks are effective against all but the Tor Browser, whereas the other two target features specific to Chromium-derived browsers. 

https://www.spinda.net/papers/smith-2018-revisited.pdf