Article 6QWR2 Researcher reveals ‘catastrophic’ security flaw in the Arc browser

Researcher reveals ‘catastrophic’ security flaw in the Arc browser

by
Nathan Edwards
from The Verge - All Posts on (#6QWR2)
STK283_ARC_BROWSER.0.jpg Illustration: Cath Virginia / The Verge

A security researcher revealed a catastrophic" vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other users' browser sessions with little more than an easily findable user ID. The vulnerability was patched on August 26th and disclosed today in a blog post by security researcher xyz3va, as well as a statement from The Browser Company. The company says that its logs indicate no users were affected by the flaw.

The exploit, CVE-2024-45489, relied on a misconfiguration in The Browser Company's implementation of Firebase, a database-as-a-backend service," for storage of user info, including Arc Boosts, a feature that lets users customize the appearance of websites they visit.

In its...

Continue reading...

External Content
Source RSS or Atom Feed
Feed Location http://www.theverge.com/rss/index.xml
Feed Title The Verge - All Posts
Feed Link https://www.theverge.com/
Reply 0 comments