Connect with us

Hi, what are you looking for?

Tech News

Researcher reveals ‘catastrophic’ security flaw in the Arc browser

Published

Grayscale Arc logo on pink and black background
Illustration: Cath Virginia / The Verge

A security researcher revealed a “catastrophic” vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other users’ browser sessions with little than an easily findable user ID. The vulnerability was patched on August 26th and disclosed today in a blog post by security researcher xyz3va, as well as a statement from The Browser Company. The company says that its logs indicate no users were affected by the flaw.

The exploit, CVE-2024-45489, relied on a misconfiguration in The Browser Company’s implementation of Firebase, a “database-as-a-backend service,” for storage of user info, including Arc Boosts, a feature that lets users customize the appearance of websites they visit.

In its statement,…

Continue reading…

In this article:

You May Also Like

Tech News

No one’s ready for this

Image: Cath Virginia / The Verge, Stuart Franklin Our basic assumptions about photos capturing reality are about to go up in smoke. Continue reading…

August 22, 2024

Tech News

Chat, who thinks I should be president?

Image: Cath Virginia / The Verge; Getty Images Kamala Harris’ strategy to reach young voters will see her debut on Twitch tonight, where she’ll...

August 22, 2024

Tech News

Cruise closes one robotaxi investigation with a recall

Image: Cruise The US National Highway Traffic Safety Administration (NHTSA) is closing an investigation from 2022 into the GM-owned robotaxi company. The agency was...

August 22, 2024

Tech News

You can now use the Meta Quest as a screen for HDMI devices

With the right hardware, you can now connect the Meta Quest to devices with HDMI or DisplayPort output. | Photo by Becca Farsace / The...

August 15, 2024