A bug in Safari would be exposing the data of Apple users, including information from Google accounts

A vulnerability in Safari can be exploited by hackers to expose your browsing history and sensitive information about your identity. And the bad thing is that we can not do much to avoid it.

Discovered last Saturday by FingerprintJS, the bug arrived with Safari 15 via the Indexed Database (IndexedDB) API, which is part of Apple’s WebKit web browser development engine.

For those who do not know the work of IndexedDB, it is used to store data on the computer, such as the websites you have visited, making them load faster when you come back to them later.

Unfortunately, the newly discovered bug causes IndexedDB to violate its cross-domain privacy policy exposing the data it has collected during browsing to web pages that should not be accessed to said information (here we teach you how to erase your trail).

And what’s worse, some websites, such as those belonging to Google, use unique and specific identifiers of users in their communications with IndexedDB.

This means that, If you are logged into your Google account, the data collected may be used to accurately identify both your browsing history and your account details.

“Not only does this mean that untrustworthy or malicious websites can learn the identity of a user, but it also allows the linking of multiple separate accounts used by the same user.“, explica FingerprintJS.

FingerprintJS reported the bug at the end of last November, but Apple has not yet fixed it and there is no communication from the company about it.

All this is worrying, but there is not much that can be done for now. Browsing in Safari’s private mode can mitigate potential harm, since a private tab cannot know what is happening in other tabs, regardless of whether they are private or public.

However, it is still not infallible. The only thing left is to wait for Apple to release some patch fixing the problem, and in the meantime browse privately for the really private stuff.