theverge

Researcher reveals ‘catastrophic’ security flaw in the Arc browser

3 hours ago
1 Less than a minute

Illustration: Cath Virginia / The Verge

A security researcher revealed a “catastrophic” vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other users’ browser sessions with little than an easily findable user ID. The vulnerability was patched on August 26th and disclosed today in a blog post by security researcher xyz3va, as well as a statement from The Browser Company. The company says that its logs indicate no users were affected by the flaw.

The exploit, CVE-2024-45489, relied on a misconfiguration in The Browser Company’s implementation of Firebase, a “database-as-a-backend service,” for storage of user info, including Arc Boosts, a feature that lets users customize the appearance of websites they visit.

In its statement,…

Continue reading…

3 hours ago
1 Less than a minute

Related Articles

Apple Vision Pro will launch with 3D movies from Disney Plus

January 16, 2024

1Password is trying for zero passwords

February 9, 2023

Telegram’s CEO has taken a hands-off approach for years — now his luck might have run out

3 weeks ago

Quick fix: restore Chrome download notifications to the bottom of the page

October 31, 2023
© Copyright 2024, All Rights Reserved  |  Tarek el ESS | Proudly Hosted by WebLebHost
Back to top button