An Exploit In Safari Can Expose Browser Histories And Google Account Information

January 17, 2022
Safari
527
Views
Safari

Users of Apple devices appear to be subject to a serious browser privacy issue. FingerprintJS, according to trustworthy sources, has uncovered an exploit that allows attackers to acquire your recent browsing history, as well as certain Google account information, from Safari 15 across all supported devices, as well as third-party browsers on iOS 15 and iPadOS 15. The IndexedDB framework (used to store data on many browsers) is infringing on the “same-origin” policy, which prohibits documents and scripts from one location (such as a domain or protocol) from interacting with content from another, allowing appropriately coded websites to deduce Google information from signed-in users as well as histories from open tabs and windows.

The issue solely jeopardizes the database names, not the content itself. This, however, would be sufficient for a malicious site owner to obtain your Google username, locate your profile picture, and learn more about you. The history might also be used to create a rudimentary profile of the sites you enjoy. According to FingerprintJS, private surfing will not disable the vulnerability.

However, FingerprintJS stated that it reported the vulnerability on November 28th and that Apple has yet to resolve it with security upgrades that honor the same-origin requirement. Until then, the only alternative for Macs may be to use a third-party browser or block all JavaScript, neither of which is always an option.

Article Categories:
Search Engine

Leave a Reply

Your email address will not be published. Required fields are marked *

The maximum upload file size: 256 MB. You can upload: image, audio, video, document, spreadsheet, interactive, text, archive, code, other. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here