FingerprintJS, a company that makes anti-fraud tools for websites, published a post on its website a few days ago describing a vulnerability in Apple's Safari browser. The flaw gives websites the opportunity to obtain the names of other websites that users are browsing, and can even leak personal data such as user IDs.
The problem stems from the IndexedDB API in Safari 15. Generally, browsers provide a separate IndexedDB database for each website, allowing the site to store data on the user's computer. The stored information is normally used only by that website and cannot be detected or accessed by other websites.
However, in Safari, whenever a website uses IndexedDB, an empty database with the same name appears for other websites as well. Although other sites cannot view the actual content of the database, they can guess which sites the user has visited from the database's name. More notably, sites such as Google add personal information, such as user IDs, to the names of their IndexedDB databases, which may cause even greater problems.
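
Because the database name is the part that leaks, a site owner can check whether the names their own pages create carry user identifiers. The following is an added example, not code from FingerprintJS or from the original article; the database names, the identifier, and the 8-digit threshold are constructed assumptions.

```javascript
// Added example: audit an origin's own IndexedDB database names for embedded
// user identifiers. All names and identifiers below are constructed samples.

const EMAIL_RE = /[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/i;
const LONG_DIGITS_RE = /\d{8,}/; // assumption: 8+ digits looks like an account ID

// Returns [{ name, reasons }] for every name that appears to identify a user.
function auditDatabaseNames(names, knownIdentifiers = []) {
  const findings = [];
  for (const name of names) {
    const reasons = [];
    const lower = name.toLowerCase();
    for (const id of knownIdentifiers) {
      if (id && lower.includes(String(id).toLowerCase())) {
        reasons.push(`contains known identifier "${id}"`);
      }
    }
    if (EMAIL_RE.test(name)) reasons.push("contains an e-mail address");
    if (LONG_DIGITS_RE.test(name)) reasons.push("contains a long numeric ID");
    if (reasons.length > 0) findings.push({ name, reasons });
  }
  return findings;
}

// In a browser, audit the databases the current origin has created.
// indexedDB.databases() resolves to [{ name, version }, ...].
async function auditCurrentOrigin(knownIdentifiers = []) {
  if (typeof indexedDB === "undefined" || !indexedDB.databases) return [];
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((db) => db.name), knownIdentifiers);
}

// Constructed sample input: two neutral names, two that embed an identifier.
const sampleNames = [
  "app-cache",
  "offline-settings",
  "profile.1029384756",
  "inbox:alice@example.com",
];
const sampleFindings = auditDatabaseNames(sampleNames, ["1029384756"]);
for (const f of sampleFindings) {
  console.log(f.name, "->", f.reasons.join("; "));
}
```

Names flagged by the audit are candidates for replacement with fixed or opaque names that do not identify the signed-in user.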