Security News > 2022 > January > Safari bug leaks your Google account info, browsing history

Safari bug leaks your Google account info, browsing history
2022-01-17 13:47

There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing activity in real-time and even user identities to anyone exploiting this flaw.

IndexedDB is a widely used browser API that is a versatile client-side storage system with no capacity limits.

This privacy violation bug also impacts web browsers using the same browser engine in the latest iOS and iPadOS versions.

Since the database names are typically unique and website-specific, this is essentially like leaking the browsing history to anyone.

The private mode in Safari 15 is still affected, but each browsing session is restricted to a single tab.

Switching to a non-WebKit-based web browser is the only viable solution, but it only applies to macOS. On the iOs and iPadOS, all web browsers are affected.


News URL

https://www.bleepingcomputer.com/news/security/safari-bug-leaks-your-google-account-info-browsing-history/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4226 4525 728 9732