It’s clearly a not great bug, but historically (by design) you could get more information via CSS. The only increase in trackability is extracting the Google ID because I guess Google includes that in the db name??
Why would you have to guess when the source describes it? Anyway, funny how you mention "only": the "only" increase in trackability is to be able to retrieve user information about users using the world's most popular online services. I don't want Pornhub to be able to view my photo from Google. Comparing this to CSS fingerprinting seems misinformed at best.
* Finding your browsing history: historically this was just as trivial as the DB name leak
* Finding the Google ID: this is the bigger issue and provides a very concrete way of tracking a specific user.
I was trying (admittedly terribly) to say the browsing history is not the worst bug in the grand history of the web, although it is very clearly bad.
The bigger issue is the Google tracking ID being leaked to third parties.
[edit: I incorrectly claimed there was a Google ID when you weren't using a Google account, forgetting of course that YouTube is part of Google. herp derp. I work in tech and used to work on a browser engine]
I might be misunderstanding you, but it's a leak of database name, not database contents. You can tell someone visited a website by looking at the name, but your photo from Google is safe.
I'm so confused now. Did you read about the issue? I wonder if I misunderstood maybe.
As I understand it:
According to the source, Google inserts a unique user ID into the database name. An attacker can make a request to Google, pass this unique user ID into their API and get profile details, for example a photo, back.
The attacker does not need access to the database data, only the database name, since the user ID is embedded in the _name_.
You are right it's a leak of a database name, but Google stores sensitive data in the database name.
My reading was that a user can be identified by the userid. I'm not sure what other actions just having a userid authorizes, but I would lay that bit on Google.
There are clearly two issues here, only the first one of which has been demonstrated. One is the leak of database names, which is on Apple. The other one is releasing sensitive data on insufficient authorisation (just a user id), which would be on Google.