Egy Safari 15 bug lehetővé teszi a felhasználó böngészési aktivitásának valós időben való követését

Címkék

... és bizonyos esetekben akár személyazonosságának felfedését:

In this article, we discuss a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and even reveal your identity. [...] In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. [...] The leak was reported to the WebKit Bug Tracker on November 28, 2021 as bug 233548. [...] The demo is available at safarileaks.com. [...] Unfortunately, there isn’t much Safari, iPadOS and iOS users can do to protect themselves without taking drastic measures. One option may be to block all JavaScript by default and only allow it on sites that are trusted. [...] The only real protection is to update your browser or OS once the issue is resolved by Apple. In the meantime, we hope this article will raise awareness of this issue.
Részletek itt.

Hozzászólások

Szerkesztve: 2022. 01. 17., h – 10:16

Your browser is not affected. Please open this demo in Safari 15 on macOS, or any browser on iOS and iPadOS 15.

trey @ gépház

"Your browser currently leaks 4 database names. 

These are some of the websites from your recent browsing activity:

youtube.com

stitcher.com"

 

youtube-ot valoban latogattam, a masikrol soha nem hallottam, most raneztem, de meg sosem lattam azt az oldalt :D esetleg valami reklam vagy ilyesmi johetett onnan? :S

Lehetove teszi? Akkor ez nem bug, hanem feature. :-)