Safari Bug Can Leak Some of Your Google Account Info and Recent Browsing History (9to5mac.com) 11
A serious Safari bug disclosed in this blog post from FingerprintJS can disclose information about your recent browsing history and even some info of the logged-in Google account. From a report: A bug in Safari's IndexedDB implementation on Mac and iOS means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. For instance, Google services store an IndexedDB instance for each of your logged in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user's profile picture is revealed. FingerprintJS says they reported the bug to Apple on November 28, but it has not yet been resolved.
Re: (Score:1)
come in, enjoy our walled garden and feel safe!
Safari users (Score:3, Funny)
How many Safari users had their Google account info leaked 6 weeks after the flaw was disclosed to Apple?
Both.
Don't keep Google logged on. (Score:2)
Use a separate private browser window to log in to Google, don't leave Google logged in on your main browser window.
Simple solution. Also makes you aware that you don't need your Google account anywhere near as much as Google wants you to think.
Re: (Score:2)
That's.... The whole fucking point...
Re: (Score:2)
apple believers mind is so fascinating: so the workaround for a serious security bug in safari is changing your habits when using google services?
in other context it might even be reasonable precautionary advice but ... what about stop using crappy proprietary software that obviously isn't well maintained?
Re: (Score:2)
Notice I never mentioned either Apple or Safari in anything I said..
Re: (Score:2)
you were (literally) providing a "solution", the "problem" under discussion being an unpatched security bug in safari (see tfa). maybe that's not what you meant but since you didn't provide an alternative context, that's pretty much what you said. as it happens i'm no mind reader (yet). apologies. i'll get there eventually.