Nishant Chaudhary
As per a blog post by browser fingerprinting service FingerprintJS, if there is an IndexedDB bug in WebKit’s implementation of a JavaScript API; it can unveil your identity alongside your recent browsing history.
Also Read: OnePlus 9RT 5G Released in India, Here is Everything There’s to Know.
What is this IndexedDB bug all about?
The IndexedDB bug potentially allows every website that makes use of IndexedDB to access IndexedDB databases generated by other websites; it is important to note that it can generate them for a users’ browsing session. In short, it allows one website to track other websites that the user is going through in different tabs or windows. However, it should have been like a website that can only access its own IndexedDB database.
What’s more, websites might employ user-specific identifiers in IndexedDB database names, at least for some websites. For instance, websites like YouTube adds users’ authenticated Google User ID t the database. Obviously, someone can easily use it to fetch the actual identity of a person with Google API. If we are to believe FingerprintJS, it can even extract profile pictures. If some are able to carry out this kind of attack, you can imagine the kind of drawbacks.
Moreover, the vulnerability is there in new versions of browsers that feature WebKit; it is an open-source browser engine from Apple. So, basically, you will find it majorly in Apple products, including Safari for Mac, alongside Safari for iOS 15 and iPadOS 15. But it doesn’t stop there, it can also affect third-party browsers like Chrome on iPhones and iPads.
Lastly, FingerprintJS offered users a live demo of the bug proving earlier versions of the browsers have no impact of the bug.
Also Read: Best Mechanical Keyboards under Rs. 5000 in India.
Comments
Loading…