Arc Browser, a popular Google Chrome rival created by The Browser Company, had a “catastrophic” security hole that may have given hackers access to your browser.
According to a recent blog post by The Browser Company’s CEO and Cofounder, the security vulnerability existed in Arc prior to August 25 and was addressed the following day.
The vulnerability, discovered by a security researcher going by the handle “xyzeva,” is included within Arc Boosts, which allows users to execute any “custom CSS and Javascript” on any website. Although these scripts cannot be shared with members, the developers have synchronized them to Arc servers.
Following additional investigation, the researcher realized that they could modify anyone’s User ID to whatever they wanted. So, the following time the victim utilized Arc, the security researcher was able to “gain access to anyone’s browser without them even visiting a website.”
Also Read: Qualcomm recently approached Intel about a takeover.
However, if you are using Arc, there is no need to be concerned because the researcher has already disclosed the issue with The Browser Company, which has quickly fixed the vulnerability. The developers also said that no consumers were harmed by the exploit, that they are striving to increase their staff to tackle such flaws, and that they have transitioned from Firebase for new products and features to avoid similar concerns.