A flaw has been discovered in WebKit, the rendering engine of Apple’s Safari browser. This exposes the sites to the names of other sites visited in real time, and in some cases even personal identifiers.
On their unveiled a flaw in the WebKit rendering engine, which affects version 15 of Safari. The problem lies in its implementation of IndexedDB and has the consequence of allowing websites to know the names of other sites visited.official, specialist browser tracking service
IndexedDB is a tool present in allwhich allows sites to store data on the user’s computer. When used correctly, each site only has access to the information it has recorded. However, due to , each time a site creates a via IndexedDB, an empty copy is created in all other tabs, and frames of the same session.
No updates yet
The content of the database is therefore not exposed, only the name. However, many sites include their name when creating their database, which is therefore visible to all other sites visited by the user. Additionally, some even include a user ID, as is the case with. This can therefore make it possible to identify the Internet user, or at least in the case of , to retrieve the profile picture. And a site could voluntarily open another site in a frame, without the knowledge of the user, to obtain such information.
It’s not just Safari that’s affected.also affects third-party browsers on iPhone and given that requires the use of WebKit. the was reported on November 28, but Apple has yet to release an update. In the meantime, it is possible to use another browser on macOS, but there is no alternative on iOS and iPadOS.