Apple Safari browser bug allows websites to access browsing history and other information

re is a bug in Apple Safari 15 web browser that can leak a user's personal information, including browsing history. It was discovered by a browser fingerprinting service called FingerprintJS. According to official blog post, all current Safari web browsers that are functional on iPhones, Mac and iPads are affected and can be exploited by torious websites to extract users' information without ir kwledge. 

FingerprintJS reported bug to Apple back in vember 2021, but company has t resolved issue. published report says that it is Apple's implementation of IndexedDB API that violates same-origin policy which essentially allows a website to access only database created by its own domain, hiding or activities of user from website. As mentioned earlier, Safar browser is affected by bug. 

How can Safari browser bug affect a user?

bug is present in Safari's IndexedDB API on both iOS and Mac devices. rmally, a website is able to access only data related to its own domain while a user browses through it. However, because of bug, any website can learn about recent browsing history of a user and current browsing activity, including name of website visited and or information related to a user's Google ID.

Google services use IndexedDB API to store information about all logged-in accounts on a device. Using bug, a website can access users' information related to ir personal accounts. In a recent live demo of how bug works, it has been shown to access users recent browsing history along with ir profile pictures. Potentially, all websites that use IndexedDB API JavaScript can access users' data.  

What is IndexedDB API?

As mentioned on Mozilla web docs, IndexedDB is a low-level API for client-side stor of significant amounts of structured data, including files/blobs. API uses indexes to enable high-performance searches of this data. In or words, API is a solution for storing large amounts of data on cloud while surfing web, and it stores information on browser itself. In this case, it is implementation of this API that is causing problem with Apple's Safari web browser.