Users of Apple devices are faced with a serious vulnerability in a proprietary browser. It allows attackers to gain access to the browser history and to some Google account data. The vulnerability exists in Safari 15 on all supported platforms, and even in third-party browsers running on iOS 15 and iPadOS 15, as it is related to the IndexedDB framework, which is used in many browsers to store data. It breaks the same-origin principle, which prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another. As a result, websites with the corresponding code have access to the above information.
Attackers only know the names of the records, not the values. However, this is enough to get the Google username, find the profile picture, and find out something else about the user. The history can also be used to build a rudimentary profile of the sites he likes. As stated, the vulnerability cannot be hidden even in private browsing mode.
According to the source, he reported the problem to Apple on November 28, but the company has not yet fixed it with security patches.