Google Chrome integrates a function that – in theory – should allow you to delete cookies and website data. To activate the option, go to the Settings (or to the chrome: // settings page), click on the “Show advanced settings” link at the bottom of the page, click on the “Content settings” button under the Privacy item, check on the option “Store local data only until the browser is closed” and click Finish. In this way, cookies and other local data (images and temporary files and so on) should be deleted when the browser is closed.
The option apparently works with all sites except Google and YouTube. The problem was highlighted by Jeff Johnson, an iOS developer. Johnson reports that in Chrome version 86.0.4240.75, locally stored data linked to Google.com and YouTube.com continues to remain active even when the browser is restarted.
The data in question allows sites to store personal information about visitors, remembering settings on the next visit. Cookies are generally used to store user preferences even between different sites. Chrome’s behavior could allow Google to hide some data and track the user even when he thinks he has deleted data stored locally.
Google reported that it is aware of the problem stating that the behavior is not voluntary but that it is a bug and that it is working to fix it. A fix is expected in the coming days and at least the YouTube bug has been fixed with Chrome version 86.0.4240.111.
Google also recently fixed an archived vulnerability CVE-2020-15999, which could lead to some sort of active memory corruption (heap buffer overflow) within Freetype, a well-known open source font rendering library.