Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

2022-01-20 16:50

Typically, a web browser permits scripts on one web page to access data on a second web page only if both pages have the same origin/back-end server.

Without this security policy in place, a snooper who manages to inject a malicious script into one website would be able to have free access to any data contained in other tabs the victim may have open in the browser, including access to online banking sessions, emails, healthcare portal data and other sensitive information.

Put simply, malicious websites can learn a user's identity and link it to multiple separate accounts that use the same ID, researchers warned.

Beyond Google sites, the firm found that users of at least 30 of the Alexa Top 1,000 most-visited websites could be likewise affected by the identity leakage.

The researchers have created a proof-of-concept demo that demonstrates how a malicious website can learn the Google account identity of any visitor.

If a user visits "Multiple different websites within the same tab, all databases these websites interact with are leaked to all subsequently visited websites," warned the firm.

News URL

https://threatpost.com/apple-safari-bug-browsing-data-google-ids/177809/

#apple #google #IDS #safari #WEB

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		141	994	4851	2759	1634	10238
Apple		135	564	4102	1567	2438	8671

News URL

Related news

Related vendor