Researchers found that a critical flaw on Safari lets websites read your entire browsing data and even your Google ID. The issue affects all major Apple platforms – iOS 15, iPadOS 15 and macOS Monterey. The company has acknowledged the issue and is now working on a fix.
The problem lies within the IndexedDB API, which is used by pretty much all web browsers. It works as a client-side storage of data and it’s supposed to give websites access only to data that has originated from the said website. That’s called “same-origin policy”. However, the Safari bug lets websites read your entire browsing data and potentially reveal someone’s identity.
So until Apple squashes the bug, you can either use a different browser altogether or disable JavaScript for the websites you don’t trust.