Connect with us

Hi, what are you looking for?

Joyful Retirement SecretsJoyful Retirement Secrets

Tech News

Researcher reveals ‘catastrophic’ security flaw in the Arc browser

Published

Grayscale Arc logo on pink and black background
Illustration: Cath Virginia / The Verge

A security researcher revealed a “catastrophic” vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other users’ browser sessions with little than an easily findable user ID. The vulnerability was patched on August 26th and disclosed today in a blog post by security researcher xyz3va, as well as a statement from The Browser Company. The company says that its logs indicate no users were affected by the flaw.

The exploit, CVE-2024-45489, relied on a misconfiguration in The Browser Company’s implementation of Firebase, a “database-as-a-backend service,” for storage of user info, including Arc Boosts, a feature that lets users customize the appearance of websites they visit.

In its statement,…

Continue reading…

In this article:

You May Also Like

Tech News

Adobe previews its upcoming text-to-video generative AI tools

Adobe’s new text-to-video and image-to-video AI features will be available in beta later this year. | Image: Adobe Adobe has teased some of its...

September 11, 2024

Tech News

Jony Ive confirms he’s working on a new device with OpenAI

Photo by Jerod Harris/Getty Images for Vox Media Jony Ive has confirmed that he’s working with OpenAI CEO Sam Altman on an AI hardware...

September 21, 2024

Editor's Pick

Bullish or Bearish? The Truth About Rate Cuts and Stock Performance

So the first Fed rate cut is behind us, and we are no longer in a “higher for longer” period, but in a new...

September 21, 2024

Tech News

Pokémon TCG Pocket wants to be a gateway to digital card collecting

The Pokemon Company When Pokémon TCG Pocket was first teased a few months back, it looked like yet another mobile app meant to capitalize...

September 19, 2024