Apple’s Safari is leaking your browsing data in a way that’s easy to exploit and could be used by hackers to steal your personal information. The company has been aware of the issue for some time, but has yet to fix it.

Safari is a web browser that’s used by millions of people around the world. It’s one of the most popular browsers on the planet, and it’s also one of the most vulnerable to attack. Hackers can use Safari to access your personal information, such as your address book and contact details, and even your photos and videos.

If you’re using Safari on an Apple device, you should take steps to protect yourself from this vulnerability. First, make sure you’re using a security certificate that has been issued by a trusted authority. Second, make sure you’re using a strong password for your browser account. Third, be sure to regularly check for new updates to Safari so that you’re protected against potential attacks. Finally, be sure to keep track of any suspicious activity in your browser history so that you can identify any potential threats before they happen.

The bug is in Safari’s IndexedDB implementation on all three of Apple’s operating systems (macOS, iOS and iPadOS). A website can see the names of IndexedDB databases for any domain, when it should only be able to see the names of databases belonging to its own domain, so this is definitely a security issue. Those database names can then be checked against a lookup table to extract information.
With this information, your recent browsing history could surface. Additionally, because Google services store an IndexedDB instance for each of your logged-in accounts, your account name could also be revealed.
As for what someone could do with this information, they could scrape your Google ID and then use it to find other personal information about you.
If you want to see the bug in action, you can visit safarileaks.com in the Safari browser on Mac, iPad, or iPhone. If you try from a different browser on Mac, you’ll see a message stating that “Your browser is not affected. Please open this demo in Safari 15 on macOS or any browser on iOS and iPadOS 15.” If you’re on iPad or iPhone, the demo works in either case.
FingerprintJS first reported the bug to Apple on November 28, 2021, but the issue has yet to be resolved. Hopefully, the pressure of the problem being public will push Apple to get a fix out.