Safari IndexedDB bug and 1P

Options
BobW
BobW
Community Member
edited January 2022 in 1Password in the Browser

Hello,

Can you please tell us how 1P is impacted by the IndexedDB leak bug in Safari?

Thank you.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @BobW:

    Thanks for checking on this! We’ve been keeping an eye on this as well. We found that a malicious site taking advantage of the IndexedDB bug could learn that 1Password in the browser (the Safari extension available for macOS or iOS/iPadOS) is in use, but would not learn any specifics about your 1Password account or what is stored in your 1Password account. When you use the extension in Safari, the bug can be misused to learn you are a 1Password user or not, but nothing else.

    The 1Password.com web interface, and the apps themselves are not affected by this issue. They don’t use IndexedDB.

    At the time of posting, Apple has yet to update Safari to address the issue, but keep an eye out and update as soon as you can!

    Jack

  • BobW
    BobW
    Community Member
    edited January 2022
    Options

    So just to confirm I have this right, no account identifier is accessible (as it is, for example, with Google's stuff), nor is the locally stored secret key?

This discussion has been closed.