Arc browser recently faced a serious vulnerability due to misconfigured Firebase security rules. A hacker could have executed CSS and JavaScript on any website via the browser, potentially causing significant harm without the user visiting a malicious site. The issue has been patched swiftly after being reported by a security researcher. The problem was traced back to improperly managed Firestore rules which allowed user IDs to be changed, leading to potential security breaches.
•4m watch time
4 Comments
Sort: