Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.

safari icon blue banner
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session. The bug could allow one website to track other websites the user visits in different tabs or windows, as the database names are often unique and specific to each website. The correct and normal behavior should be that websites can only access their own IndexedDB databases.

In some cases, websites use unique user-specific identifiers in IndexedDB database names. For example, YouTube creates databases that include a user's authenticated Google User ID in the name, and this identifier can be used with Google APIs to fetch personal information about the user, such as a profile picture, according to FingerprintJS. This personal information could help a malicious actor to determine a user's identity.

The bug affects newer versions of browsers using Apple's open source browser engine WebKit, including Safari 15 for Mac and Safari on all versions of iOS 15 and iPadOS 15. The bug also affects third-party browsers like Chrome on iOS 15 and iPadOS 15, as Apple requires all browsers to use WebKit on the iPhone and iPad. FingerprintJS has a live demo of the bug that indicates older browsers like Safari 14 for Mac are unaffected.


FingerprintJS noted that no user action is required for a website to access IndexedDB database names generated by other websites.

"A tab or window that runs in the background and continually queries the IndexedDB API for available databases can learn what other websites a user visits in real-time," the blog post said. "Alternatively, websites can open any website in an iframe or popup window in order to trigger an IndexedDB-based leak for that specific site."

Private browsing mode does not protect against the bug in affected Safari versions.

Users will need to wait for Apple to address the bug with software updates — we've reached out to Apple to see if a fix is planned. In the meantime, Safari 15 users could temporary switch to a different browser on the Mac, but this is not possible on the iPhone or iPad since all browsers are affected by the WebKit bug on those devices.

The bug was reported to the WebKit Bug Tracker on November 28. More details can be found in FingerprintJS's blog post, reported earlier by 9to5Mac.

Update: Apple has prepared a fix for the bug, according to a WebKit commit on GitHub, but Apple still needs to release macOS and iOS updates with an updated version of Safari before the fix is available to users. Apple declined to provide a timeframe.

Tag: Safari

Popular Stories

General Black Friday Deals 24 Green Tinsel

Apple Black Friday Deals Available Now: AirPods, iPads, and More

Friday November 22, 2024 5:28 am PST by
Black Friday 2024 is less than one week away, and as always the next few days will be the best time of the year to shop for great deals. Right now, this includes big savings on popular Apple products like AirPods, Apple Watch, MacBook Air, iPad, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
ipads early bf deals

7 Best Black Friday iPad Deals for 2024

Saturday November 23, 2024 1:44 pm PST by
We're less than one week away from Black Friday on November 29, and Best Buy and Amazon currently have all-time low prices across Apple's entire iPad lineup. This includes Apple's 9th and 10th generation iPad, iPad mini 7, iPad Air, and iPad Pro. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which...
silo tv show apple tv plus

Apple TV+ Releasing Next Week's 'Silo' Episode Early

Friday November 22, 2024 7:25 am PST by
The next episode of Apple TV+'s award-winning sci-fi series "Silo" will be released early. Apple previously announced that new "Silo" episodes would be released on Fridays, but the third episode of the second season will instead be released on Wednesday, November 27. Apple has likely bumped up the date so that people can watch the episode during the U.S. Thanksgiving holiday on Thursday,...
Generic iOS 19 Feature Mock

iOS 19's First New Feature Has Leaked

Friday November 22, 2024 6:22 am PST by
iOS 19 is not expected to be announced until June 2025, but the software update's first major new feature has already leaked. Bloomberg's Mark Gurman this week reported that iOS 19 will introduce a "more conversational Siri" powered by "more advanced large language models." He said this upgrade will make Siri more like OpenAI's ChatGPT, allowing the assistant to "handle more sophisticated...
iPhone 17 Slim Feature

iPhone 17 and 'iPhone 17 Air' Expected to Lack 5x Optical Zoom Lens

Friday November 22, 2024 11:04 am PST by
Next year's iPhone 17 and all-new "iPhone 17 Air" will not have a 5x optical zoom lens, according to Korean publication The Elec (via 9to5Mac). The report said the tetraprism camera system that enables 5x optical zoom will remain exclusive to the Pro models in next year's iPhone lineup, meaning that it would only be available on the iPhone 17 Pro and iPhone 17 Pro Max. Of course, with the ...
iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
beats snow

Black Friday Deals Hit Beats Headphones With Up to 52% Off

Thursday November 21, 2024 12:05 pm PST by
Beats is joining in on the Black Friday discount frenzy, with up to 52 percent off select headphones, earbuds, and speakers on Amazon. You'll find many of the same prices at other retailers like Best Buy as well. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. This sale...
Apple 2024 Black Friday Shopping Event feature

Apple Announces 2024 Black Friday Event, Offering Up to $200 Gift Card

Thursday November 21, 2024 5:10 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 29 through Monday, December 2 in many countries, including the U.S., Canada, Australia, France, Germany, Italy, Spain, the U.K., and others. During the event, customers can get an Apple gift card with the purchase of an eligible product. In the U.S., for instance, Apple is including gift ...

Top Rated Comments

LoveTo Avatar
37 months ago
I feel like I should just burn all my gadgets and go live in the mountains. ?
Score: 64 Votes (Like | Disagree)
planteater Avatar
37 months ago
Reported on November 28. That was a long time ago to have such a serious bug unpatched. I'd like to hear Apples response.
Score: 33 Votes (Like | Disagree)
antiprotest Avatar
37 months ago

I feel like I should just burn all my gadgets and go live in the mountains. ?
Then you will have no way to know if someone put an AirTag on you.
Score: 26 Votes (Like | Disagree)
nadozza Avatar
37 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
What does this have to do with Monterey? It’s a bug in WebKit. One they should have dealt with by now, but it’s not Monterey or MacOS specific.
Score: 25 Votes (Like | Disagree)
citysnaps Avatar
37 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
Please...don't say stuff like that when I'm drinking milk. Not pretty.
Score: 23 Votes (Like | Disagree)
Celtic-moniker Avatar
37 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
Microsoft fixes bugs and adds features? I think you meant Linux.
Score: 16 Votes (Like | Disagree)