Today's Core Dump is brought to you by ThreatPerspective

The Verge - Securities

Arc browser adds security bulletins and bug bounties

The problem lived inside the Arc Boosts feature that lets you customize any website with CSS and Javascript. On top of its initial mitigations, the company says it now has disabled Boosts with Javascript by default and added a new global toggle to turn Boosts off completely in Arc version 1.61.2.

The researcher, known as xyz3va, was initially paid a $2,000 bounty for the information. Now, with the new program in place, The Browser Company is upping it to $20,000 retroactively. The vulnerability was patched on August 26th.

Published: 2024-09-27T17:37:11

© Segmentation Fault . All rights reserved.

Privacy | Terms of Use | Contact Us