Safari 15 Bug Leaks Some Browser History & Google Account Info
A significant Safari bug has been disclosed publicly by FingerPrintJS, impacting Safari 15 on MacOS, iOS, and iPadOS.
What does the Safari 15 IndexedDB bug do?
The bug allows the Safari 15 browser to leak user browser history, along with identifying Google account information in the form of a unique Google user ID. This information could be gathered by websites or nefarious web pages.
An example of the type of information is available of the demo link below:
- Visit the Safari Leaks demo website at https://safarileaks.com to see what if any information is leaked
The Safari bug was apparently “reported to the WebKit Bug Tracker on November 28, 2021 as bug 233548” but for whatever reason Apple has not fixed it yet. Now that the bug has gained press attention, it’s likely that a bug fix patch will be released quickly.
If you’re interested in learning more about the bug and how it works, the video embedded below describes further.
What browsers and devices are impacted by the Safari 15 IndexedDB bug?
The following devices and browsers are potentially impacted by the IndexedDB bug: Safari 15.2 and earlier on Mac, Safari on iOS 15.2 and earlier, Safari on iPadOS 15.2 on earlier.
What can be done to protect yourself from the Safari 15 bug?
If this potential data leaking bug concerns you, the only way to currently protect yourself on the Mac is by temporarily switching to another web browser, like Google Chrome, Firefox, Microsoft Edge, or Brave.
While Safari is an excellent web browser, the other browsers that are not impacted by this bug are also great too, and it can be useful to have an alternate web browser or several available for a variety of reasons, privacy included. Users interested in doing so can grab Brave, Chrome, Firefox, or Microsoft Edge.
It is likely that Apple will soon address the issue by releasing an update to Safari for Mac, and an iOS and iPadOS update separately.