2022-01-17

FingerprintJS researchers have uncovered a vulnerability in Safari 15 that can be exploited to track users’ Internet activity and even reveal their identity.

According to the security research and browser fingerprinting provider, the flaw relates to Safari 15’s implementation of IndexedDB, a web application programming interface (API).

Essentially, the names of all IndexedDB databases are available to any site, and these can be used to extract identifying information.

Websites such as YouTube and Google Calendar create databases that include the authenticated Google User ID.

In the scenario where a user is logged into multiple accounts, a database is created for each.

A malicious site could scrape your Google User ID from these databases and use it to find out other personal information about you.

To determine the extent of the vulnerability, FingerprintJS checked the homepages of Alexa’s Top 1,000 most visited sites.

It found that more than 30 of these websites interact with indexed databases directly on their homepage.

Affected websites include, but are not limited to, Alibaba, YouTube, Bloomberg, and Instagram.

All current versions of Safari for macOS and iOS can be exploited.

FingerprintJS reported the vulnerability to Apple in November, but it has yet to be resolved.

