Apple device users appear to be vulnerable to a significant lack of browser privacy. According to to 9to5Mac, FingerprintJS has discovered exploitation that allows attackers to retrieve your recent browser history, and even some Google Account information, from Safari 15 on all supported platforms, as well as third-party browsers on iOS 15 and iPadOS 15. IndexedDB framework (used to store data on many browsers) violates the “same source” policy, which prevents documents and scripts from one site (such as a domain or protocol) from interacting with content from another, allowing appropriately coded sites to lock Google data from logged in users as well as history from open tabs and windows.
The shortcoming only affects database names, not the content itself. However, that would still be enough for the owner of the malicious site to download your Google username, reveal your profile picture, and otherwise learn more about you. History could also be used to compile a rudimentary profile of sites you like. Private browsing will not beat exploitation, FingerprintJS said.
All products recommended by Engadget are selected by our editorial team, regardless of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn a commission for the partners.