safarileaks.com Open in urlscan Pro
75.2.60.5  Public Scan

Form analysis
0 forms found in the DOM

Text Content

You need to enable JavaScript to run this app.


SAFARI 15 INDEXEDDB LEAKS

Your browser is not affected. Please open this demo in Safari 15 on macOS, or
any browser on iOS and iPadOS 15.


WHAT IS THIS VULNERABILITY AND WHO IS AFFECTED?

This demo showcases information leaks resulting from an IndexedDB same-origin
policy violation in WebKit (a browser engine primarily used in Safari, as well
as all iOS and iPadOS web browsers). You can test this demo on all affected
browsers: Safari 15 on macOS, or any browser on iOS and iPadOS 15.

The demo illustrates how any website can learn a visitor's recent and current
browsing activity (websites visited in different tabs or windows) using this
leak. For visitors, logged into Google services, this demo can also leak Google
User IDs and profile pictures.

The demo detects the following websites:

alibaba.comanchor.fmapp.slack.com*bloomberg.comboston.comcalendar.google.com*cnet.comcomputerworld.comctvnews.cadevelopers.google.comdropbox.comglobalnews.cahuffingtonpost.comindiegogo.cominstagram.comkeep.google.com*netflix.com*nymag.compexels.comrollingstone.comstandard.co.ukstitcher.comtheglobeandmail.comtimeout.comtwitter.comvk.comweather.comweb.whatsapp.comxbox.comyoutube.com
* Requires an authenticated session

This is not an exhaustive list of affected websites. All websites that interact
with the IndexedDB API can potentially be detected.

FingerprintJSSource CodeArticle