A "bug" in Safari allows you to leak information from your Google account


A hacker has discovered a serious security hole in Safari, Apple's native browser, through which some of your Google account's private information can be leaked, including recent browsing history.

This user has already alerted the company, so we hope that a future browser update will resolve the detected security problem shortly. We will be watching for it.

A hacker called FingerprintJS has published on his blog a somewhat disturbing discovery: a security hole in Apple's Safari browser through which important user information can be “sneaked” out of a Mac.

The flaw is an error in Safari's implementation of IndexedDB on Mac and iOS. It means a website can see database names from any domain, not just its own. Database names can be used to extract identifying information from a lookup table. Here you can see how this security bug works.

Google services store an instance of IndexedDB for each of your accounts, with the database name corresponding to your Google user ID. So, using the exploit described in the blog post, a malicious website could obtain your Google user ID and then use that ID to find out other personal information, since the ID is used to make API requests to Google services.

It is galling that this does not happen with other browsers, such as Chrome, where a website can only see the databases created for its own domain, and not those of any other. Hopefully Apple fixes it soon.
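Because database names are what leak, a name built from a user ID is what makes the leak identifying. The following is an added example, not code from the original article or from FingerprintJS: a site owner's audit of the IndexedDB database names their own origin creates, flagging names that embed a user identifier. The function names, the heuristics and the sample values are assumptions constructed for illustration; `indexedDB.databases()` is the standard browser call for listing an origin's databases.

```javascript
// Added example: audit the IndexedDB database names an origin creates for
// embedded user identifiers. All names and sample values are constructed.

// Heuristics for values that identify a user when seen by another site.
const EMAIL_RE = /[^\s@]+@[^\s@]+\.[^\s@]+/;
const LONG_DIGITS_RE = /\d{10,}/; // assumption: long numeric runs look like account IDs

// Returns one finding per database name that would identify the user.
function auditDatabaseNames(names, knownIdentifiers = []) {
  const ids = knownIdentifiers.map(String).filter((id) => id.length > 0);
  const findings = [];
  for (const name of names) {
    const lower = name.toLowerCase();
    const hit = ids.find((id) => lower.includes(id.toLowerCase()));
    if (hit !== undefined) {
      findings.push({ name, reason: "contains-known-identifier" });
    } else if (EMAIL_RE.test(name)) {
      findings.push({ name, reason: "contains-email" });
    } else if (LONG_DIGITS_RE.test(name)) {
      findings.push({ name, reason: "contains-long-number" });
    }
  }
  return findings;
}

// Browser entry point: list this origin's own databases and audit them.
// Outside a browser (no indexedDB.databases) it audits an empty list.
async function auditThisOrigin(knownIdentifiers) {
  const canList =
    typeof indexedDB !== "undefined" && typeof indexedDB.databases === "function";
  const dbs = canList ? await indexedDB.databases() : [];
  const names = dbs.map((db) => db.name).filter((n) => typeof n === "string");
  return auditDatabaseNames(names, knownIdentifiers);
}

// Constructed sample: names a web app might create for a signed-in user.
const SAMPLE_NAMES = [
  "offline-cache",
  "app-state-100000000000000000001",
  "drafts:alice@example.com",
  "Prefs_U-7F3A",
];
const SAMPLE_FINDINGS = auditDatabaseNames(SAMPLE_NAMES, ["u-7f3a"]);
console.log(SAMPLE_FINDINGS);
```

Any name the audit flags can be replaced with a fixed or random name that carries no account information, so that a leaked name reveals nothing about the user.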

Apple hasn't fixed it yet.

FingerprintJS says that it informed Apple of this security flaw on November 28th. It's strange that to this day it still hasn't been fixed with a new Safari update. But we are sure that it soon will be.

