September 25, 2024 at 03:50PM

■■□□□ Gaining access to anyones browser without them even visiting a website.

The blog post discusses a vulnerability in Arc Browser involving Firebase Firestore, which could allow an attacker to manipulate Arc “boosts” (custom JavaScript and CSS modifications) by changing their creatorID. This exploit can potentially compromise the victim’s browser when visiting certain websites. The post also details how user IDs can be obtained through referrals or shared content and explains how Arc addressed the issue by patching it and awarding a bug bounty.

https://kibty.town/blog/arc/

https://t.me/cKure/14755