
Arc browser introduces security bulletins and launches bug bounty programs.




The Browser Company, creator of Arc, has launched a bug bounty program to help secure its Chromium-based browser. It has also introduced a security bulletin aimed at maintaining transparent and proactive communication with users and researchers about bug fixes. These changes were implemented following the discovery of a critical vulnerability by a researcher named xyz3va. This flaw could have allowed malicious actors to insert arbitrary code into a user’s browser by using their easily accessible user ID. The vulnerability was linked to the Arc Boosts feature, which enables customization of websites through CSS and JavaScript.

In response, the company disabled JavaScript in Boosts by default and added an option to completely turn off Boosts in Arc version 1.61.2. Initially, the researcher was rewarded $2,000, but under the new bug bounty program, this amount was increased to $20,000 retroactively. The vulnerability was patched on August 26th.

The new program allows security researchers to submit vulnerabilities and receive rewards based on the severity of the bug. Low-severity issues can earn up to $500, medium-severity findings up to $2,500, high-severity up to $10,000, and critical bugs can result in a $20,000 payout. Additionally, the company introduced measures such as stricter development guidelines and security audits, and expanded its security engineering team to better identify and address vulnerabilities.

