Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

by

A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.

safari icon blue banner
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session. The bug could allow one website to track other websites the user visits in different tabs or windows, as the database names are often unique and specific to each website. The correct and normal behavior should be that websites can only access their own IndexedDB databases.

In some cases, websites use unique user-specific identifiers in IndexedDB database names. For example, YouTube creates databases that include a user's authenticated Google User ID in the name, and this identifier can be used with Google APIs to fetch personal information about the user, such as a profile picture, according to FingerprintJS. This personal information could help a malicious actor to determine a user's identity.

The bug affects newer versions of browsers using Apple's open source browser engine WebKit, including Safari 15 for Mac and Safari on all versions of iOS 15 and iPadOS 15. The bug also affects third-party browsers like Chrome on iOS 15 and iPadOS 15, as Apple requires all browsers to use WebKit on the iPhone and iPad. FingerprintJS has a live demo of the bug that indicates older browsers like Safari 14 for Mac are unaffected.


FingerprintJS noted that no user action is required for a website to access IndexedDB database names generated by other websites.

"A tab or window that runs in the background and continually queries the IndexedDB API for available databases can learn what other websites a user visits in real-time," the blog post said. "Alternatively, websites can open any website in an iframe or popup window in order to trigger an IndexedDB-based leak for that specific site."

Private browsing mode does not protect against the bug in affected Safari versions.

Users will need to wait for Apple to address the bug with software updates — we've reached out to Apple to see if a fix is planned. In the meantime, Safari 15 users could temporary switch to a different browser on the Mac, but this is not possible on the iPhone or iPad since all browsers are affected by the WebKit bug on those devices.

The bug was reported to the WebKit Bug Tracker on November 28. More details can be found in FingerprintJS's blog post, reported earlier by 9to5Mac.

Update: Apple has prepared a fix for the bug, according to a WebKit commit on GitHub, but Apple still needs to release macOS and iOS updates with an updated version of Safari before the fix is available to users. Apple declined to provide a timeframe.

Tag: Safari

Popular Stories

iphone 16 pro ghost hand

5 Reasons to Skip This Year's iPhone 17 Pro

Thursday July 10, 2025 4:54 am PDT by
Apple will launch its new iPhone 17 series in two months, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming...
Read Full Article103 comments
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 8 U.S. States

Tuesday July 8, 2025 11:26 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Unfortunately, this feature continues to roll out very slowly since it was announced in 2021, with only nine U.S. states, Puerto Rico,...
Read Full Article
macbook pro blue green

M5 MacBook Pro No Longer Coming in 2025

Thursday July 10, 2025 12:38 pm PDT by
Apple does not plan to refresh any Macs with updated M5 chips in 2025, according to Bloomberg's Mark Gurman. Updated MacBook Air and MacBook Pro models are now planned for the first half of 2026. Gurman previously said that Apple would debut the M5 MacBook Pro models in late 2025, but his newest report suggests that Apple is "considering" pushing them back to 2026. Apple is now said to be...
Read Full Article94 comments
apple tv 4k new orange

New Apple TV Expected Later This Year With These New Features

Saturday July 12, 2025 3:09 pm PDT by
A new Apple TV is expected to be released later this year, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the next Apple TV, according to rumors. Rumors Faster Wi-Fi Support The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports ...
Read Full Article130 comments
iPhone 17 Pro in Hand Feature Lowgo

Leaker Reveals Amount of RAM in iPhone 17 Through iPhone 17 Pro Max

Wednesday July 9, 2025 8:08 am PDT by
Three out of four iPhone 17 models will feature more RAM than the equivalent iPhone 16 models, according to a new leak that aligns with previous rumors. The all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max will each be equipped with 12GB of RAM, according to Fixed Focus Digital, an account with more than two million followers on Chinese social media platform Weibo. The...
Read Full Article54 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 16 New Features

Friday July 11, 2025 12:40 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...
Read Full Article
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
Read Full Article131 comments
Foldable iPhone 2023 Feature 1

Foldable iPhone Display Production Begins Ahead of Launch Next Year

Wednesday July 9, 2025 10:59 pm PDT by
Production of foldable OLED displays for Apple's first foldable iPhone have begun ahead of its expected launch next year, Korea's ETNews reports. The first foldable iPhone's displays are being produced by Samsung Display, who are establishing a production line dedicated to the upcoming Apple device its A3 factory in Asan, Chungcheongnam-do. The production line will make displays exclusively...
Read Full Article119 comments

Top Rated Comments

LoveTo Avatar
LoveTo
46 months ago
I feel like I should just burn all my gadgets and go live in the mountains. ?
Score: 64 Votes (Like | Disagree)
planteater Avatar
planteater
46 months ago
Reported on November 28. That was a long time ago to have such a serious bug unpatched. I'd like to hear Apples response.
Score: 33 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
46 months ago

I feel like I should just burn all my gadgets and go live in the mountains. ?
Then you will have no way to know if someone put an AirTag on you.
Score: 26 Votes (Like | Disagree)
nadozza Avatar
nadozza
46 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
What does this have to do with Monterey? It’s a bug in WebKit. One they should have dealt with by now, but it’s not Monterey or MacOS specific.
Score: 25 Votes (Like | Disagree)
citysnaps Avatar
citysnaps
46 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
Please...don't say stuff like that when I'm drinking milk. Not pretty.
Score: 23 Votes (Like | Disagree)
Celtic-moniker Avatar
Celtic-moniker
46 months ago

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.
Microsoft fixes bugs and adds features? I think you meant Linux.
Score: 16 Votes (Like | Disagree)
Read All Comments