Safari 15 is exposing IndexedDB data to opened sites and in tabs and recently opened.

Sites cannot read contents of IndexedDB, however, names of databases are accessible to all sites. Google keeps user ID as a part of database name allowing cross-site tracking.

Use alternate browsers, until fix is released

Even Private Mode is vulnerable, no workarounds are available at the time.
iOS alternate browsers are also vulnerable, and Private Mode does not fully protect from tracking.

Users should use alternate browsers on macOS and wait for Apple’s fix.

Live demo: Safari Leaks

Reference:

Recommendations

Developer:

Use alternate browser on macOS. Consider using Private Mode on iOS Safari and open new tabs for new sites, if needed.

QA engineer:

Use alternate browser on macOS. Consider using Private Mode on iOS Safari and open new tabs for new sites, if needed.

PM/DM:

Use alternate browser on macOS. Consider using Private Mode on iOS Safari and open new tabs for new sites, if needed.

Leave a comment