This content originally appeared on Bram.us and was authored by Bramus!
There’s a pretty nasty exploit in Safari 15, where sites/tabs that interact with an IndexedDB database leak that database’s name to other tabs.
In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session. Windows and tabs usually share the same session, unless you switch to a different profile or open a private window.
As some sites — such as Google’s properties — include a unique identifier in the database name, that information can be used to identify a user.
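A site owner can check their own database names for this kind of identifier. The following is an added example, not code from the original post or from the linked write-up: `auditDatabaseNames`, `classifyToken`, the sample names, and the length and entropy thresholds are all assumptions chosen for illustration, and the matching is heuristic.

```javascript
// Added example: flag IndexedDB database names that embed a per-user identifier.
// In a browser the names can be taken from `await indexedDB.databases()`
// (each entry has a `name`); here they are passed in as plain strings.
const UUID = /[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}/gi;

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts)
    .reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Classify one token of a name; returns a reason string, or null if it looks static.
function classifyToken(tok) {
  if (/^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(tok)) return "uuid";
  if (/^\d{8,}$/.test(tok)) return "long numeric id";
  if (/^[0-9a-f]{16,}$/i.test(tok)) return "hex id";
  if (tok.length >= 16 && /\d/.test(tok) && /[a-z]/i.test(tok) && entropy(tok) >= 3.5)
    return "high-entropy token"; // assumed thresholds, tune for your own naming scheme
  return null;
}

// Returns [{ name, token, reason }] for each name that looks user-specific.
function auditDatabaseNames(names) {
  const findings = [];
  for (const name of names) {
    // Pull out whole UUIDs first, then split the remainder on separators.
    const uuids = name.match(UUID) || [];
    const rest = name.replace(UUID, " ").split(/[^A-Za-z0-9]+/).filter(Boolean);
    for (const token of [...uuids, ...rest]) {
      const reason = classifyToken(token);
      if (reason) { findings.push({ name, token, reason }); break; }
    }
  }
  return findings;
}

// Constructed sample names, not taken from any real site.
const SAMPLE_NAMES = [
  "app-settings",
  "offline-cache-v2",
  "prefs_108234567890123456789",
  "sync:3f2b8c1e-9a4d-4e6f-b1c2-7d8e9f0a1b2c",
  "session.9f86d081884c7d659a2feaa0c55ad015",
];
console.log(auditDatabaseNames(SAMPLE_NAMES));
```

Any name this flags is one that other origins could read while the bug is unpatched, so a fixed, non-user-specific database name avoids exposing the identifier.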
The security bug was reported in November but had gone unnoticed. (Because it was filed as a security bug, it’s not publicly accessible.)
Exploiting IndexedDB API information leaks in Safari 15 →
Safari 15 IndexedDB Leaks →
Safari 15 IndexedDB Leaks Code →

Bramus! | Sciencx (2022-01-16T00:10:43+00:00) Exploiting IndexedDB API information leaks in Safari 15. Retrieved from https://www.scien.cx/2022/01/16/exploiting-indexeddb-api-information-leaks-in-safari-15/