Premium
This is an archive article published on September 21, 2024

Researcher discovers Arc browser vulnerability that allowed hackers to access your browser

The security exploit was shared with Arc browser developers, who were quick to patch it.

google-preferred-btn
Arc browser was launched on Windows earlier this year.Arc browser was launched on Windows earlier this year. (Image Source: The Browser Company)

Arc Browser, the popular Google Chrome competitor developed by The Browser Company had a “catastrophic” security flaw that might have allowed hackers access to your browser.

According to a recent blog post shared by the CEO and Cofounder of The Browser Company, the security vulnerability existed in Arc before August 25 and was fixed a day later.

Spotted by a security researcher who goes by the name “xyzeva”, the exploit lies within Arc Boosts, which allows users to run any “custom CSS and Javascript” on all websites. While these scripts cannot be shared with members, the developers synced them to Arc servers.

Story continues below this ad

On further digging, the researcher discovered that they could change anyone’s User ID to anything they liked. So when the victim used Arc the next time, it allowed the security researcher to “gain access to anyone’s browser without them even visiting a website.”

Also Read | Qualcomm approached Intel about a takeover in recent days

However, if you are using Arc, there’s no need to worry as the researcher has already shared the issue with The Browser Company, who was quick to fix the vulnerability. The developers also said that no users were affected by the exploit and that they are working to expand their manpower to fix such bugs and has migrated from Firebase for new products and features to avoid such issues.

Earlier this year, the Arc Search app on iPhone added a new feature called “Call Arc” that lets you ask questions on a phone call.

 

© IE Online Media Services Pvt Ltd
Latest Comment
Post Comment
Read Comments
Advertisement
Top Stories
A cyclist makes his way through rain triggered by cyclone Montha, in Chennai, Tamil Nadu
Cyclone Montha approachingAndhra’s coastal districts hit by rain; senior citizens, pregnant women moved to camps
Hrithik Roshan and Sanjay Dutt in a still from Vidhu Vinod Chopra's Mission Kashmir
EntertainmentMission Kashmir: Hrithik Roshan was paid Rs 11 lakh while Bhumbro was shot for Rs 1 cr; Vidhu Vinod Chopra would have lost his home if film flopped
Tyler Oliveira later shared a screenshot claiming, “My videos capturing India’s poop-throwing festivals are already getting mass reported" (Image source: @BRICSinfo/X)
TrendingUS YouTuber Tyler Oliveira triggers backlash after filming cow dung-flinging ritual in Indian village: who is he?
Rohit, at 38 and with 11,168 runs before boarding the flight to Australia was a certified 50-over colossus. (AP Photo)
SportsFor Rohit Sharma, every game is like playing his first match and last match at the same time
As nutrition is the central concern of regenerative agriculture, India must prioritise nutritional security by enhancing domestic production of pulses and oilseeds—crops that require fewer inputs and naturally fix nitrogen in the soil. To address this, the government has launched the Rs 11,440 crore ‘Mission for Aatmanirbharta in Pulses’ (2025–26 to 2030–31) — it aims to scale up domestic pulse production to 350 lakh tonnes. (C R Sasikumar)
OpinionMake the farm atmanirbhar
Live Blog
Loading Taboola...
Advertisement