A security flaw may have leaked the browsing history and Google data of many users. It is specifically an error in the Safari browser, which is one of the most used on mobile devices. An implementation problem has been able to put the privacy of many who use this application on a daily basis at risk.
Safari exposes browsing history
Privacy is a very important factor and one of the most serious problems is everything related to the browser. There we store information to log in to social networks, passwords to access many services, the history of visited sites… All of this, moreover, has a great economic value on the network. Hackers can profit from it.
This time it is an implementation error of the IndexedDB API , in the WebKit engine, which affects the Safari browser. This issue can cause all user browsing activity to be filtered. It is a widely used API, which acts as a storage system for the client.
It is used to be able to view websites offline. What it does is cache the data. To prevent all of this from leaking out, control which resources can access each piece of data. The problem is that, according to FingerprintJS , they have not correctly followed this policy in Safari 15, on macOS. This is what causes sensitive data to be leaked.
This same issue is also present on devices using iOS and iPadOS . This is because they use the same browser engine in Safari 15.
They can identify the user
In addition to filtering browsing history , because database names are often unique and site-specific, some database names have user identifiers. This API leak could also lead to user identification.
According to security researchers, in order to identify the user, they will need to log into services such as YouTube, Facebook, Google Calendar or Google Keep. This is what makes you add a Google User ID . In case of using several accounts, an individual one is created in each case.
Regarding the private mode in Safari 15 , it is also affected but in a different way. In this case, each browsing session is limited to a single tab. Therefore, the scope of the information that can be filtered is from the websites visited through that tab only.
This problem is present in WebKit. That means that other browsers using the same engine will also be affected. For example Brave or Chrome for iOS. You can see browsers and programs to improve privacy.
At the moment there is no patch available to fix this bug. However, one method to fix it manually is to block all JavaScript. Of course, this drastic measure can bring other problems when browsing websites. Another solution is to simply use another browser that is not based on WebKit, albeit only on macOS.