In 2017, Apple rolled out its ITP technology, one of the most highly regarded privacy protection kits for the web around the world. The system clears out first-party cookies regularly and blocks third-party cookies by default, making it difficult for advertisers to track users. In the paper, Google’s team noted that these vulnerabilities would’ve resulted in the third-party company getting hold of sensitive and private browsing information. The flaw even allowed a site to carry out a cross-site attack and introduce another domain into the ITP list. In December, Apple quietly fixed the flaw and thanked the Google team without going into specifics: Last August, the Google security team revealed that a series of web exploits targeted Uyghur Muslims in China, using existing vulnerabilities in iOS. On the other hand, Google’s Chrome browser has been often criticized for its lack of privacy-protecting tools. Last week, the company said it is going to follow Safari and Firefox in blocking third-party cookies, but it will take two years.
