In order to stay up to speed on the newest news, free browsing, movies updates, and money-making tips, join the SMARTTECHVILLAS WhatsApp and Telegram channels!. Click Here To Join Now!

Connect with us

News

Discovered Bug in Safari Lets Third-Party Websites Snif Your Recent Browsing History

Bug in WebKit’s implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity.

Philip Aladino

Published

on

ADBLOCK

In order to stay up to speed on the newest news, free browsing, movies updates, and money-making tips, join the SMARTTECHVILLAS WhatsApp and Telegram channels!. Click Here To Join Now!

Safari

According to a blog post published on Friday by browser fingerprinting service FingerprintJS, a bug in WebKit’s implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity.

In a nutshell, the bug allows any website that employs IndexedDB to gain access to the names of IndexedDB databases generated by other websites during a user’s browsing session. Because database names are often unique and specific to each website, the bug could allow one website to track other websites the user visits in different tabs or windows. Websites should only access their IndexedDB databases if this is the correct and expected behaviour.

FingerprintJS noted that a website does not need to perform any user action to access IndexedDB database names generated by other websites.

According to the blog post, “A tab or window that runs in the background and constantly queries the IndexedDB API for available databases can learn what other websites a user visits in real-time.” “Alternatively, websites can open any website in an iframe or popup window to cause an IndexedDB-based leak for that particular site.”

In affected Safari versions, private browsing mode does not protect against the bug.

Users will have to wait for Apple to address the bug with software updates—we’ve contacted Apple to see if a fix is in the works. In the meantime, Safari 15 users on the Mac could temporarily switch to another browser, but this is not possible on the iPhone or iPad because all browsers on those devices are affected by the WebKit bug.

On November 28, the bug was reported to the WebKit Bug Tracker. More information can be found in FingerprintJS’s blog post, which was previously reported by 9to5Mac.

In some cases, websites use IndexedDB database names that contain unique user-specific identifiers. According to FingerprintJS, YouTube, for example, creates databases that include a user’s authenticated Google User ID in the name, and this identifier can be used with Google APIs to fetch personal information about the user, such as a profile picture. This personal information could aid a malicious actor in determining the identity of a user.

The bug affects newer versions of browsers that use Apple’s open-source browser engine WebKit, such as Safari 15 for Mac and Safari on all iOS 15 and iPadOS 15 versions. Third-party browsers such as Chrome on iOS 15 and iPadOS 15 are also affected by the bug, as Apple requires all browsers to use WebKit on the iPhone and iPad.

Meanwhile, FingerprintJS has a live demonstration of the bug, which shows that older browsers, such as Safari 14 for Mac, are unaffected.

Advertisements

Dino is a Tech Consultant. Entrepreneur, Website/Blog Developer, Graphic Designer, Blogger and Digital Marketer, he has long been freelancing for more than 6 years before starting up Smartcoretech, during this time was writing for websites like Opera News Hub, Paulworkspace, thescoove.africa etc. He is currently reporting on tech related contents on company's such as Apple, Google, Microsoft, Xiaomi, Facebook, Twitter etc. He also writes on Phone Reviews and Movies. When he is not writing he is working as an IT Manager for a company in his Local. Feel free to contact him via any of the available channels present

Advertisement          

Recent Posts

Advertisement
Advertisement
Advertisement
Advertisement