BobW
Dedicated Contributor
4 years ago

Safari IndexedDB bug and 1P

Hello,

Can you please tell us how 1P is impacted by the IndexedDB leak bug in Safari?

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

2 Replies

  • BobW
    Dedicated Contributor

    So just to confirm I have this right, no account identifier is accessible (as it is, for example, with Google's stuff), nor is the locally stored secret key?

  • Jack_P_1P
    1Password Team

    Hey BobW:

    Thanks for checking on this! We’ve been keeping an eye on this as well. We found that a malicious site taking advantage of the IndexedDB bug could learn that 1Password in the browser (the Safari extension available for macOS or iOS/iPadOS) is in use, but would not learn any specifics about your 1Password account or what is stored in your 1Password account. When you use the extension in Safari, the bug can be misused to learn whether you are a 1Password user or not, but nothing else.

    The 1Password.com web interface and the apps themselves are not affected by this issue. They don’t use IndexedDB.

    At the time of posting, Apple has yet to update Safari to address the issue, but keep an eye out and update as soon as you can!

    Jack