A Safari 15 bug affects Apple devices and leaks Google identifiers all over the web. The IndexedDB API bug is a serious issue as it can be used for cross-site tracking.
Apple added App Tracking Transparency on iOS devices last year. Combine this with Safari’s tracking prevention, giving you a pretty private browsing experience.
However, this Safari 15 bug leaks from your Google ID or Google identifier. This ID is an internal marker from Google and can compromise your browsing activity and even different accounts.
How Is Safari 15 Bug Leaking Data?
FingerprintJS, a browser fingerprinting library, has demonstrated how the bug leaks data. IndexedDB is a low-level API on the user end, and it stores a ton of data.
It is generally an origin-specific database where every domain can access a limited amount of data associated with it. However, according to FingerprintJS, Safari 15 is “IndexedDB API is violating the same-origin policy.”
So when you open new tabs, a new empty database with the same name is created for the newly opened websites. It means every site has access to the IndexedDB API for all the sites opened at the time. This creates a data pool that can violate your online privacy.
FingerprintJS further claims that this Safari 15 bug “allows the linking of multiple separate accounts used by the same user.”
How To Check Safari Data Leak?
You can check out the FingerprintJS demo site to see how the vulnerability exploits your data. Popular sites like Instagram, Netflix, WhatsApp web, Twitter, and Slack are among the websites that may scrape data using this bug.
If you’re using Safari on your Mac, you can temporarily switch to any other browser for the time being. While Chrome is a popular choice, privacy doesn’t look eye-to-eye with Google FLoC.
If you’re going for Chrome, you may as well pick from our list of the best Chrome alternatives. However, there’s no workaround for iPhone and iPad users as Apple blocks any other browser engines on iOS and iPadOS.