As the name suggests, browsers are the vessels we use to navigate the web. As the vehicles of our internet experience, they need to be completely secure. However, software is never perfect and there are always problems to solve. A clear example is a report on a bug in Safari that can expose users' browsing history.

This vulnerability was discovered in Safari 15, and the problem lies specifically in the Indexed Database (IndexedDB) API.

Safari 15 has a bug that could expose your browsing history

Safari is Apple's default browser, and the Safari 15 bug puts its mobile devices at risk. As mentioned above, the problem lies in the Indexed Database (IndexedDB) API. This API is a fundamental part of Apple's WebKit, the engine on which Safari is built. Its function is to store data on your computer about the sites you visit, keeping it at hand so they load faster.

IndexedDB also follows a security mechanism called the Same-Origin Policy. This prevents websites from accessing data stored by other pages unless they share the same domain.

The bug in question stops this security mechanism from working correctly, so the stored data can be exposed to web pages it does not belong to. There is also a particular case with Google, since the user's data has a unique identifier in the API. This makes it much easier to identify your browsing history and other data when accessing IndexedDB.

It should be noted that this problem was reported last November and Apple has not yet corrected it. On Mac computers, the alternative is simply to switch browsers. However, on mobile phones the problem is more complex, because Apple requires iOS browsers to use its WebKit engine, which means they carry the bug as well.