The Browser Company, maker of the Chromium-based Arc browser, has launched a bug bounty program and a security bulletin, the latter intended to keep users and researchers informed about reported bugs and the fixes shipped for them.
Security Revisions and Vulnerability Fix
The program follows the discovery of a critical bug: a flaw that could have allowed an attacker to inject arbitrary code into other users' browsers by exploiting user IDs that were easy to obtain.
The vulnerability lay in Arc Boosts, the feature that lets users customize websites with their own CSS and JavaScript. In response, the company disabled Boosts that use JavaScript by default and, in Arc version 1.61.2, added a global toggle that turns Boosts off entirely.
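The article says only that an attacker could plant code for another user by exploiting an easily obtained user ID; it does not describe the exact mechanism. The following is an added illustration, not Arc's code, of the generic failure mode that sentence points at: a service that lets the request body name the owner of a stored customization, beside a hardened version that takes the owner from the authenticated session and refuses a mismatched client-supplied ID. The Boost record layout, the `ownerId` field and the `session` object are assumptions made for the example.

```javascript
// Added example, not Arc's code. Minimal in-memory store of per-user
// "boosts" (site + JavaScript) to show why a client-supplied owner ID
// must never decide whose browser receives injected code.
// Store layout (assumed): Map<ownerId, Array<{ site, js }>>.

// Vulnerable: the request body names the owner. Any caller who knows or
// can enumerate a victim's user ID can store JavaScript under that ID,
// which the victim's browser will later load and run.
function saveBoostVulnerable(store, session, body) {
  const ownerId = body.ownerId;               // attacker-controlled
  const list = store.get(ownerId) || [];
  list.push({ site: body.site, js: body.js });
  store.set(ownerId, list);
  return ownerId;
}

// Hardened: the owner is the authenticated caller. Unauthenticated calls
// are rejected, and a body that names a different owner is rejected
// rather than silently honored.
function saveBoostSafe(store, session, body) {
  if (!session || typeof session.userId !== 'string' || session.userId === '') {
    throw new Error('unauthenticated request');
  }
  if (body.ownerId !== undefined && body.ownerId !== session.userId) {
    throw new Error('ownerId does not match the authenticated user');
  }
  const ownerId = session.userId;             // derived from auth, not input
  const list = store.get(ownerId) || [];
  list.push({ site: body.site, js: body.js });
  store.set(ownerId, list);
  return ownerId;
}

// What a given user's browser would fetch and apply.
function boostsFor(store, userId) {
  return store.get(userId) || [];
}

// Constructed sample request: an authenticated "attacker" trying to
// store JavaScript for a "victim" whose ID they have learned.
const attackerSession = { userId: 'attacker' };
const hostileBody = { ownerId: 'victim', site: 'example.com', js: 'alert(1)' };

const weakStore = new Map();
saveBoostVulnerable(weakStore, attackerSession, hostileBody);
console.log('vulnerable: boosts delivered to victim =', boostsFor(weakStore, 'victim').length);

const safeStore = new Map();
try {
  saveBoostSafe(safeStore, attackerSession, hostileBody);
} catch (e) {
  console.log('hardened: rejected with', e.message);
}
console.log('hardened: boosts delivered to victim =', boostsFor(safeStore, 'victim').length);
```

The same check applies on read: the browser should request only the boosts of the session it is signed in as, so that knowing another user's ID does not expose that user's customizations either.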
Bug Bounty Program Rewards
The researcher who reported the vulnerability, known as xyz3va, initially received a $2,000 bounty. With the new program in place, the company has retroactively raised that reward to $20,000. The bug was patched on August 26th.
Under the new program, researchers submit reports and are paid according to the severity of the finding, from $500 for low-severity issues up to $20,000 for critical vulnerabilities.
Enhanced Security Practices
Alongside the bounty program, the company has outlined new security practices for finding and fixing vulnerabilities: development guidelines, code reviews, security-specific audits, and an expanded security engineering team.
FAQs
Q: What is The Browser Company’s bug bounty program about?
A: The bug bounty program aims to incentivize security researchers to identify and report vulnerabilities in the Arc browser, with rewards ranging from $500 to $20,000 based on severity.
Q: How was the critical vulnerability in Arc discovered?
A: It was found by a researcher known as xyz3va, who reported it to The Browser Company and received a bounty for the report.
Q: What steps has The Browser Company taken to enhance security following the bug discovery?
A: The company has disabled Boosts that use JavaScript by default and added a global toggle to turn Boosts off entirely in Arc version 1.61.2, alongside new development guidelines, code reviews, security audits, and a larger security engineering team.
Q: When was the vulnerability patched?
A: The vulnerability was patched on August 26th.
Credit: www.theverge.com