Catastrophic Security Flaw in Arc Browser Exposed by Researcher

A critical security bug was recently uncovered in the Arc browser. Discovered by security researcher xyz3va, this catastrophic vulnerability enabled attackers to execute arbitrary code in other users' browser sessions through easily obtainable user IDs.
Vulnerability Details
The vulnerability, tracked as CVE-2024-45489, was linked to a misconfiguration in Firebase access control lists. This security lapse allowed unauthorized changes to the creatorID of user-generated Boosts, enabling malicious scripts to run on victims' accounts without their knowledge.
- Linkable Attack Vector: Users' creatorIDs were accessible through various channels.
- Quick Response: The Browser Company acted swiftly after the issue was reported, patching it the following day.
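The class of access-control gap described above, as an added example that is not code from The Browser Company or the researcher: a JavaScript model of an update check that verifies ownership but leaves the owner field writable, beside a hardened version that treats it as immutable. Only the creatorID field name comes from the article; the function names, rule shapes and sample documents are assumptions.

```javascript
// Model of server-side authorization for writes to a "boost" document.
//   uid      = authenticated caller (null when unauthenticated)
//   existing = the document as currently stored
//   incoming = the document as it would look after the write
// Assumed shapes for illustration; not the product's real rules.

// Weak check: confirms the caller owns the stored document,
// but never inspects the owner field in the incoming data.
function weakAllowUpdate(uid, existing, incoming) {
  return uid !== null && existing.creatorID === uid;
}

// Hardened check: same ownership test, plus creatorID must not change.
function hardenedAllowUpdate(uid, existing, incoming) {
  return uid !== null &&
    existing.creatorID === uid &&
    incoming.creatorID === existing.creatorID;
}

// Hardened create: a new document may only name the caller as its creator.
function hardenedAllowCreate(uid, incoming) {
  return uid !== null && incoming.creatorID === uid;
}

// Constructed sample data (not taken from any real account).
const stored = { creatorID: "user-A", script: "/* original */" };
const cases = [
  { name: "owner edits own script",
    uid: "user-A", incoming: { creatorID: "user-A", script: "/* edited */" } },
  { name: "owner reassigns creatorID to another user",
    uid: "user-A", incoming: { creatorID: "user-B", script: "/* original */" } },
  { name: "non-owner edits",
    uid: "user-C", incoming: { creatorID: "user-C", script: "/* edited */" } },
  { name: "unauthenticated write",
    uid: null, incoming: { creatorID: "user-A", script: "/* edited */" } },
];

// Run every sample write through one check; returns an array of booleans.
function evaluate(check) {
  return cases.map((c) => check(c.uid, stored, c.incoming));
}

const weak = evaluate(weakAllowUpdate);
const hardened = evaluate(hardenedAllowUpdate);
cases.forEach((c, i) =>
  console.log(`${c.name}: weak=${weak[i]} hardened=${hardened[i]}`));
```

The two checks differ only on the second case, where the owner field itself is rewritten; that is the write the hardened version rejects.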
Future Security Measures
In response to this incident, The Browser Company is implementing several critical security enhancements. These include establishing a bug bounty program, moving away from Firebase, and hiring additional security personnel.