Safari leaks browsing history
With this bug, any site that uses IndexedDB can learn the names of IndexedDB databases created by other sites in Safari. This gives it a way to learn the user's recent browsing history. Normally, a site should only have access to its own databases.
The problem goes further, because some databases are named with specific identifiers rather than randomly generated ones. This is notably the case for Google, which uses each user's unique identifier as the database name. A malicious person can then exploit the Safari bug, recover the identifier linked to Google and use the search engine's API to obtain information about the owner of the account.
FingerprintJS has published a proof of concept, that is, a demonstration showing that the bug does exist. Just go to safarileaks.com with Safari to see a list of the last sites you visited. And if you're signed in to a Google account, your profile picture will appear.
Chrome, Firefox and others are also affected on iOS
This bug is in WebKit, Safari's rendering engine. It affects iPhone and iPad users running iOS 15, and Mac users running Safari 15. On Mac, the issue can be worked around temporarily by using any other browser. The situation is more delicate on iPhone and iPad. Chrome, Firefox and other browsers exist there, but all of them use WebKit rather than their own rendering engines, because Apple requires them to go through its system. As a result, alternative browsers on iOS are also affected.
Users now have to wait for a fix from Apple in an iOS update. Note that the bug was reported to Apple on November 28 and is still not fixed. In view of the delay, FingerprintJS made the information public today.