tl;dr: Google chrome has a timing attack with :visited css selector. Adapt the PoC from WONTFIXed chrome bug report to find the the report a link bot's browser history.

Original writeup (http://bawolff.blogspot.com/2021/10/write-up-pbctf-2021-vault.html).