Advertisements
in

Arc Browser Security Flaw Exposed Fixed Before Any Harm

Arc Browser Security Flaw Exposed but Fixed Before Any Damage Occurred

Arc Browser Security Flaw Fixed: No Users Affected.
Arc Browser Security Flaw Fixed: No Users Affected.

A security researcher recently uncovered a dangerous flaw in the Arc Browser, which had the potential to compromise users’ privacy and browser security. The flaw allowed remote code execution, meaning a hacker could run malicious code on a user’s browser without their knowledge. Thankfully, the issue was discovered and fixed before any users were affected.

Arc Browser

Arc is a free web browser created by The Browser Company, founded by Josh Miller and Hursh Agrawal. 

It was officially released on July 25, 2023, after a beta test. Arc is available on macOS, iOS, and Windows. It’s built using Chromium and allows Chrome extensions.

Notably, it includes unique features like a scrapbook-style “easel” and “boosts,” which let users customise websites. 

Advertisements

Arc aims to be more than just a browser, offering an integrated, creative experience. While critics praise its innovative approach, some believe it could still use refinement

A Critical Security Flaw

The security vulnerability was found in Arc Browser’s “Boost” feature, which lets users apply custom CSS and JavaScript to websites. 

Each boost was linked to a specific User ID for security. However, a researcher who goes by “xyzeva” discovered a flaw in the system. 

By tweaking the boost’s User ID, she was able to assign malicious code to other users. This allowed her to take control of their browsers without them visiting any specific website.

Advertisements

In a harmless demonstration, she created a boost that made a popup saying “arf awrf!” whenever her target visited Google. While this test was innocent, it highlighted the potential for far more dangerous attacks.

Quick Action Taken

The researcher, a professional pentester, responsibly reported the bug to Arc, earning a $2,000 reward. 

Arc’s development team swiftly addressed the issue, ensuring that no users were harmed by the exploit.

 In their blog post, Arc confirmed that the flaw has been fixed and that only the researcher identified it.

Follow Wat-Not on FacebookTwitter, and Instagram

Advertisements
Avatar

Written by Isha Sharma

I am an undergraduate Journalism student at Delhi University. I bring a unique blend of confidence and creativity to the table. Whether I'm in front of the camera or working diligently behind it, I thrive on the art of storytelling. A passionate cricket enthusiast with a deep admiration for Mahendra Singh Dhoni, I believe that the journey of our thoughts and actions is far more important than the final outcome. My approach to life and work is grounded in being fully present, which allows me to craft meaningful narratives. Additionally, I have a knack for using Canva to bring my ideas to life visually.

Advertisements
Advertisements

Leave a Reply

Avatar

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Advertisements
Kim Kardashian Ices Back in Leather Outfit

Kim Kardashian Ices Back in Stylish Leather Look, Shares Pics

Mouse in Meal Sparks Emergency Landing Drama

Flight Diverted After Passenger Finds Live Mouse in In-Flight Meal

Advertisements