Safari 15 bug leaks your browsing history
Last week, the browser fingerprinting service FingerprintJS reported a Safari 15 bug that leaks data on iOS 15 and macOS Monterey. This serious issue lies in the WebKit implementation of IndexedDB, a JavaScript API used for storing data. Simply put, any website that uses IndexedDB can get access to your browsing history and track the websites you visit in other windows and tabs.
How is it possible?
Here are the technical details behind it. Whenever you open a new tab and visit a site that uses a local database, a new empty database with the same name is created in all other windows. Normally, every website has a unique database name and user-specific identifiers, and it can access only its own database entry.
The problem is that the database names are so obvious that it's very easy to identify the websites a user is visiting. Also, many websites use users' personal data to link them to a database. As a result, the bug is a serious privacy violation: it allows other sites to see the websites you open during the same browsing session and even fetch your Google ID and related personal data.
Look at the FingerprintJS live demo of the bug, which can lead to de-anonymisation.
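For site developers, the part of the exposure that comes from user-specific identifiers in database names can be checked on your own origin. The following is an added example, not code from FingerprintJS or from the original article; the pattern list, function names and sample database names are assumptions made for illustration.

```javascript
// Added example: audit IndexedDB database names for user-identifying tokens.
// PATTERNS and SAMPLE_NAMES are assumptions constructed for illustration.
const PATTERNS = [
  { kind: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { kind: "uuid", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: "numeric-id", re: /\d{10,}/ }, // long digit runs look like account IDs
];

// Return one finding per database name that embeds an identifier-like token.
function auditDatabaseNames(names) {
  const findings = [];
  for (const name of names) {
    for (const { kind, re } of PATTERNS) {
      const match = re.exec(name);
      if (match) {
        findings.push({ name, kind, token: match[0] });
        break; // report only the first pattern that matches this name
      }
    }
  }
  return findings;
}

// In a browser, list the databases of the current origin and audit them.
// Outside a browser (no indexedDB global) this resolves to an empty list.
async function auditThisOrigin() {
  if (typeof indexedDB === "undefined" || !indexedDB.databases) return [];
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((db) => db.name));
}

// Constructed sample names, not taken from any real website.
const SAMPLE_NAMES = [
  "app-cache",
  "offline.102938475610293847561",
  "drafts:alice@example.com",
  "sync-3f2b8c1e-9a4d-4e6f-8b7a-0c1d2e3f4a5b",
];
```

A name flagged here should be replaced with one that carries no account identifier. A generic name still reveals that the site is open in another tab, which only the browser fix addresses.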
Which browsers are impacted?
Sadly, this issue affects all browsers based on the Apple WebKit engine: Safari 15 for macOS Monterey and Safari for iOS 15 and iPadOS 15. The vulnerability also affects third-party browsers, including Chrome, on iOS 15 and iPadOS 15, since WebKit is required on iPhones and iPads.
Users of previous Safari versions can keep calm, as Big Sur and iOS 14 aren't impacted.
What to do?
Apple is working hard to address the issue and resolve data leaks. It's reported that Apple provided fixes for macOS Monterey 12.2, iOS 15.3 RC and iPadOS 15.3 RC. The fixes were already released for developers and beta users. These updates will be available for all users soon.
Meanwhile, avoid logging into your Google account in Safari, or use an alternative browser such as Brave or Firefox.