Last updated on January 31st, 2022 at 10:19 am
According to a new study, a software fault in Apple’s Safari 15 browser might allow any website to track your internet activities and possibly reveal your identity on macOS, iOS, and iPadOS 15. Your Google User ID could also be exposed to other websites as a result of the flaw.
In this scenario, the vulnerability is also thought to affect private mode viewing in the Safari 15 browser.
The fault is caused by an issue with Apple’s implementation of IndexedDB, an application programming interface (API) that keeps data on your browser, according to FingerprintJS, a browser fingerprinting and fraud detection service.
“IndexedDB is a client-side storage API for browsers that can contain large amounts of data. It is widely used and supported by all major browsers,” FingerprintJS claimed in a statement.
According to the survey, more than 30 websites directly interact with indexed databases on their homepage, with no additional user involvement or authentication required.
“We estimate this figure to be substantially larger in real-world settings,” the FingerprintJS team explained, “since websites can connect with databases on subpages, after specific user actions, or on authenticated areas of the page.”
IndexedDB, like most modern web browser technologies, adheres to the same-origin policy.
The same-origin policy is a basic security mechanism that limits how documents or scripts loaded from one origin can interact with resources from other origins.
The same-origin policy, for example, stops a malicious webpage from infecting your email if you open your email account in one tab and a malicious URL in another.
“The IndexedDB API violates the same-origin restriction in Safari 15 on macOS and all browsers on iOS and iPadOS 15,” according to FingerprintJS.
When a website interacts with a database, all other active frames, tabs, and windows within the same browser session establish a new (empty) database with the same name.
Unless you move to a separate profile, such as in Chrome, or open a private window, windows and tabs normally share the same session.
This means that other websites will be able to see the names of databases generated by other websites, which may contain personal information about you.
The leak was discovered by FingerprintJS; however, Safari has yet to be updated.
“The fact that database names are leaked from many sources is a clear breach of privacy. It allows any website to track which websites a person visits in multiple tabs or windows,” they stated.