Interesting post at Slashdot: You can checkout if your browser is affected here: http://lcamtuf.coredump.cx/cachetime/ It seems to require java so noscript users that have java disabled are safe. This seems to only look for certain websites in a list. I wonder if there is anyway this could be used to view your entire web history? Also this exploit only shows what sites have been visited in your cache. So if you have your browser set to clear the cache on exit it will only show the sites you visited this session.