A few days ago, FingerprintJS discovered a vulnerability in Safari’s WebKit affecting an API called IndexedDB, which many websites use to create large databases. Specifically, the bug allows pages that use this API to access the user’s personal data, including recent browsing history and even Google account details. It is a serious privacy problem that, according to MacRumors, Apple is already fixing.
The Apple news site reports that the company already has a patch ready to fix this vulnerability. At least, that is what the WebKit section on GitHub shows. However, it is unknown when the fix will reach users, since it is released via an update for Safari and therefore via an update to the respective operating systems.
In this case, Apple is likely to release a security update for iOS 15, iPadOS 15, and macOS Monterey. This does not include any new software features, only the patches that fix the Safari bug. Users can install the update via Settings > General > Software Update.
The Safari bug also affects Chrome, and there is nothing the user can do
Meanwhile, there is nothing the user can do to prevent websites that use IndexedDB from accessing information about the pages open in a tab or window. The bug, remember, also affects incognito browsing, as well as other browsers that make use of Safari’s WebKit, such as Google Chrome. It is also difficult to know which sites use the API in question and which do not. Bear in mind, too, that among the data websites can extract from IndexedDB is the user’s personal information linked to the Google account. Malicious websites can use this data to identify the browser.
One workaround, though an unhelpful one, is to block JavaScript on websites that could use the affected API. However, limiting JavaScript can make browsing in Safari or Chrome less than ideal, because many page elements, such as images, videos, and banners, use it.