Safari 15 may leak Google account information to malicious sites The Register


An improperly implemented API for storing data in browsers has led to a vulnerability in Safari 15 that could expose a user's internet activity and personal identifiers.

The vulnerability was discovered by FingerprintJS, a fraud detection service, which contacted the WebKit maintainers and provided a public source code repository.

As of November 28 last year, the issue had not been fixed, so the FingerprintJS team decided to publish its findings to encourage a faster fix.

IndexedDB, a commonly used low-level JavaScript API, follows the same-origin policy. That is, a document or script associated with one origin must not interact with resources associated with another origin. A web page open in one browser tab must be prevented from sharing data with the next tab, for obvious reasons, such as when one tab is used to access a user's bank and the other visits a malicious website.

However, in this particular IndexedDB implementation, individual pages do interact, which endangers the user. In Safari 15, every time a website interacts with a database, a new empty database with the same name is created in every other active frame, tab, and window in the same browser session. This allows other websites to see the name of the database. The Safari bug could therefore expose information derived from, for example, your Google account.

For users who are logged in to a Google account, the name of the database contains their unique Google User ID. A site that obtains a Google User ID and uses it to retrieve personal information can therefore use the database name like a look-up table to extract the user's identity.

A malicious website can not only identify a user but also stitch together multiple separate accounts belonging to the same user, without doing anything other than running a window in the background. A malicious website can also open other websites in an iframe or pop-up, and thus open a Pandora's box of leaked data.

FingerprintJS has created a video explaining the process.


The team found that more than 30 of the Alexa Top 1000 websites interact with IndexedDB on their home page without the user having to do anything.

Unfortunately, browsing in private mode does not solve the problem, although the nature of the tool further limits the range of information available through the leak.

The fraud detection service has created a demo that identifies recently opened sites for users with Google accounts. It looks for over 20 specific websites and Google accounts found to be affected when used with Safari 15 on macOS, or with iOS 15 or iPadOS 15, where Apple requires browsers to use WebKit.

According to the team, people surfing the web with Apple products can do little other than block JavaScript, not use a Google account, or switch to another browser if one is available (it is not on iOS and iPadOS). Beyond that, there is little to do other than wait.

That's a bit ironic, given that in June 2020 Apple refused to implement 16 Web APIs in Safari's WebKit engine, claiming they posed a privacy threat. Some researchers praised the move as a privacy triumph, but many responded with ridicule and concluded that the action was taken to force the use of native iOS apps and the income they generate.

Of course, this kind of product-only approach goes beyond the company's browser. Just last week, Apple stopped stalling and was forced to allow a third-party app billing system in South Korea in accordance with South Korea's Telecommunications Business Act. Google was ordered to do the same in September and complied in November, two months before Apple.

The steamrolling of WebKit use, or of IndexedDB, has been problematic in the past. A bug in Safari 14.1.1 on macOS 11.4 and iOS 14.6, revealed when applications first tried to save data using the IndexedDB NoSQL manager, caused user anger last June. One open source developer described Apple as "totally hostile to the Web."

Sources

1/ https://Google.com/

2/ https://www.theregister.com/2022/01/17/safari_15_indexeddb_bug/
