The Arc browser sets itself apart from competitors by offering a unique feature that allows users to customize websites using a tool called “Boosts.” This feature enables users to change background colors, fonts, and remove unwanted elements from web pages. These customizations can be shared across devices but are not meant to be visible to others. Recently, the Browser Company, creator of Arc, admitted that a security flaw was found by a researcher that could have allowed attackers to compromise systems through Boosts. The flaw was related to the use of Firebase, a backend service, to support Arc features, including Boosts. The researcher, known as “xyzeva,” detailed how attackers could manipulate creator identification tags to load malicious Boosts onto a target’s device. The company promptly fixed the issue with the researcher’s assistance and implemented additional security measures to prevent future vulnerabilities.
