Arc browser adds security bulletins and bug bounties

Illustration: Cath Virginia / The Verge Arc creator The Browser Company has officially started a bug bounty program to keep its growing Chromium-based browser’s security in check. The company is also launching a new security bulletin to maintain “transparent and proactive communication” with users and researchers on bug fixes and reports. These security revisions followed a devastating bug a researcher found and reported to the company that would’ve allowed bad actors to insert arbitrary code into anyone’s browser just by knowing their easily findable user ID. The problem lived inside the Arc Boosts feature that lets you customize any website with CSS and Javascript. On top of its initial mitigations, the company says it now has disabled Boosts with Javascript by default and... Continue reading…

Sep 29, 2024 - 13:51
 0  1
Arc browser adds security bulletins and bug bounties
Grayscale Arc logo on pink and blue background.
Illustration: Cath Virginia / The Verge

Arc creator The Browser Company has officially started a bug bounty program to keep its growing Chromium-based browser’s security in check. The company is also launching a new security bulletin to maintain “transparent and proactive communication” with users and researchers on bug fixes and reports.

These security revisions followed a devastating bug a researcher found and reported to the company that would’ve allowed bad actors to insert arbitrary code into anyone’s browser just by knowing their easily findable user ID.

The problem lived inside the Arc Boosts feature that lets you customize any website with CSS and Javascript. On top of its initial mitigations, the company says it now has disabled Boosts with Javascript by default and...

Continue reading…