According to a blog post by FingerprintJS, a browser fingerprinting and fraud detection service, the bug lies with the implementation of the IndexedDB on the Safari browser. Normally, a website can only see the data it generates itself. The bug allows websites to see the data from any site, rather than just its own.
Among information that the bug ends up disclosing include Google account info, which can include YouTube accounts, as well as the usage of other services like Google Calendar. All this combined could lead to the gathering of enough info that it becomes identifiable to specific users. FingerprintJS has also come up with a demo page to show you the way the bug can be exploited. For most other browsers, you should be fine, with the demo telling you that “your browser is not affected”. Run it on Safari 15, on a macOS, iOS or iPadOS device, on the other hand, and you may see something that’s like the screenshot above. (Source: FingerprintJS [1], [2] via 9to5Mac)
