Techly NewsGet the app

Get the latest tech news

Researcher reveals ‘catastrophic’ security flaw in the Arc browser


Boosts busted.

The vulnerability was patched on August 26th and disclosed today in a blog post by security researcher xyz3va, as well as a statement from The Browser Company. We use Firebase as the backend for certain Arc features (more on this below), and use it to persist Boosts for both sharing and syncing across devices. The bug was patched the next day, and the company’s statement details a list of security improvements it says it’s implementing, including setting up a bug bounty program, moving off of Firebase, disabling custom Javascript on synced Boosts, and hiring additional security staff.

Get the Android app

Or read this on The Verge

Read more on:

Photo of researcher

researcher

Photo of ARC

ARC

Photo of Arc browser

Arc browser

Related news:

News photo

OpenAI o1 Results on ARC-AGI-Pub

News photo

Researcher sued for sharing data stolen by ransomware with media

News photo

Poly (YC S22) is hiring Rust experts in SF to build "Arc browser for files"

« YouTube tests a new way for creators to avoid takedowns
Dell investigates data breach claims after hacker leaks employee info »