Safari Bug Can Leak Your Google Account Info and Track Browsing History on iPhone and Mac
Apple made some major changes to Safari on iOS and macOS, both in design and in under-the-hood functionality. According to the latest report, a Safari bug on iOS and Mac can leak your Google account information as well as your browsing history.
New Safari Bug Can Steal and Track Your Browsing History Along With Google Account Information
Apple pays a lot of attention to user privacy and device security. However, the latest Safari bug leaks personal information from the logged-in Google account as well as browsing history. The bug exists in Safari's IndexedDB implementation on iOS as well as Mac, which means that a website can see the database names not only for its own domain but for any domain. With a lookup table, the database names can potentially be used to extract identifying information.
As far as your Google account is concerned, Google stores an IndexedDB instance for the account that is logged in, with the name of the database linked to your Google ID. An unauthorized website could use your ID to make API requests to Google services. Moreover, personal information can also be compromised. The bug affects new versions of Apple's open-source browser engine WebKit, which includes Safari 15 for Mac and Safari on all devices running iOS 15 or iPadOS 15. The bug also appears in Chrome on iOS 15 and iPadOS 15. This is because Apple requires all browsers to use WebKit on iPhone and iPad.
According to the disclosure by FingerprintJS, no action from the user is required for a website to gain access to the IndexedDB database names. Moreover, private or incognito mode will not mask your account from the Safari bug.
"A tab or window that runs in the background and continually queries the IndexedDB API for available databases can learn what other websites a user visits in real-time,"
"Alternatively, websites can open any website in an iframe or popup window in order to trigger an IndexedDB-based leak for that specific site."
Apple will potentially push an update with a fix for the Safari bug. For the time being, Mac users can switch to a different browser, but the same approach cannot be used on iPhone and iPad. This is because both require developers to use Apple's WebKit framework.
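For site developers, the check below is an added example (not from the original article or from FingerprintJS): it flags IndexedDB database names of your own origin that embed a user identifier, the kind of name the article says links Google's database to a Google ID. The function names, patterns and sample names are assumptions constructed for illustration.

```javascript
// Added example: audit the IndexedDB database names of your own origin for
// values that would identify the user if the names were readable cross-origin.
// The patterns and function names below are assumptions made for illustration.

const PATTERNS = [
  { reason: "email address", re: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i },
  { reason: "UUID", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { reason: "long numeric ID", re: /\d{10,}/ },
];

// names: database names of the current origin.
// userIds: identifiers of the signed-in user known to the application.
function auditDatabaseNames(names, userIds = []) {
  const findings = [];
  for (const name of names) {
    if (typeof name !== "string" || name === "") continue;
    const lower = name.toLowerCase();
    const id = userIds.find((u) => u && lower.includes(String(u).toLowerCase()));
    if (id !== undefined) {
      findings.push({ name, reason: "contains signed-in user ID" });
      continue;
    }
    const hit = PATTERNS.find((p) => p.re.test(name));
    if (hit) findings.push({ name, reason: hit.reason });
  }
  return findings;
}

// In a browser, collect the names of the current origin and audit them.
async function auditOwnOrigin(userIds = []) {
  if (typeof indexedDB === "undefined" || !indexedDB.databases) return [];
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((d) => d.name), userIds);
}

// Constructed sample names (not taken from any real site).
const SAMPLE_NAMES = [
  "app-cache",
  "offline.settings.108234567890123456789",
  "drafts_alice@example.com",
  "sync-u_4f9a",
  "store-3f2504e0-4f89-11d3-9a0c-0305e82c3301",
];
const SAMPLE_FINDINGS = auditDatabaseNames(SAMPLE_NAMES, ["u_4f9a"]);
```

Names that are flagged are candidates for renaming to a fixed, user-independent value, with the per-user data kept inside the database rather than in its name.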