
Arc Browser Enhances Security with Bug Bounties and Transparency Bulletins

28/9/24

By: BR Hariyani

A significant security vulnerability prompts Arc to step up its security measures with a new bug bounty program and proactive user communication.


Arc Browser, developed by The Browser Company, has taken a major step to enhance its security framework. Following the discovery of a critical security flaw, Arc has launched a comprehensive bug bounty program and introduced a security bulletin to ensure transparent communication with users regarding vulnerabilities and patches. This comes in the wake of a serious bug found by a security researcher, which could have allowed attackers to take control of users’ browsers.

The Critical Flaw and Its Aftermath

The turning point for Arc's new security measures was the discovery of a vulnerability in its Boosts feature. Boosts allow users to customize websites with CSS and JavaScript. The flaw made it possible for attackers to insert malicious code into a victim's browser simply by knowing the user's ID, which was easy to locate.

The security researcher, who goes by the name xyz3va, promptly reported the issue. Initially, Arc rewarded the researcher with a $2,000 bounty. However, after further evaluation and recognizing the gravity of the bug, Arc retroactively increased the reward to $20,000.

Arc’s developers have since patched the vulnerability with version 1.61.2, which was released on August 26th. The update disables JavaScript in Boosts by default and adds a new global toggle that allows users to completely turn off the Boosts feature if desired.

Introducing the Bug Bounty Program

With this critical incident as a wake-up call, The Browser Company has unveiled a bug bounty program designed to incentivize security researchers to identify and report potential threats before they can be exploited. The rewards vary depending on the severity of the bug:

  • Low severity bugs: Up to $500 for issues that are limited in scope or hard to exploit.

  • Medium severity bugs: Up to $2,500 for more exploitable, but not widespread issues.

  • High severity bugs: Up to $10,000 for vulnerabilities that pose significant risk.

  • Critical severity bugs: The top reward of $20,000 for vulnerabilities that have a major impact and are easily exploitable.

This structured reward system encourages proactive security research, ensuring that flaws are caught and addressed early on.

The Security Bulletin: Transparent Communication with Users

In addition to the bug bounty program, Arc has launched a security bulletin that will regularly update users and researchers about newly discovered vulnerabilities, fixes, and other security-related information. This move toward proactive transparency helps users stay informed about the safety of their browser and creates a clear line of communication between The Browser Company and its user base.

This bulletin ensures that users are not left in the dark when critical bugs are found and fixed. It also fosters trust between the company and the growing Arc browser community, showcasing that Arc is committed to maintaining a secure environment for its users.

Enhancing Security Practices

Beyond these immediate changes, Arc has adopted a number of long-term security practices to minimize vulnerabilities in the future. These include:

  • Stricter development guidelines: Arc developers are now required to follow enhanced coding standards to avoid security loopholes.

  • Comprehensive code reviews: Each new feature or update will go through security-specific audits to identify any potential risks before they reach the end-user.

  • Expanded security team: Arc is also expanding its team by hiring additional security engineers who will focus solely on finding and fixing vulnerabilities.

A New Era of Security for Arc

As Arc continues to grow in popularity, especially among Chromium-based browser users, these new security measures mark a significant milestone in its development. By offering meaningful rewards through its bug bounty program and ensuring transparent communication with the community, Arc is positioning itself as a secure and trustworthy browser.

Josh Miller, the creator of Arc, has previously emphasized the need for a better browser than Chrome, and with these security updates, Arc is well on its way to setting a higher standard for browser safety and user trust.

Key Takeaways:

  • Arc Browser launches a bug bounty program with rewards up to $20,000 based on the severity of the bugs.

  • A newly introduced security bulletin ensures transparent communication with users about bug fixes and vulnerabilities.

  • Following a critical flaw, Arc has improved its security practices, including more stringent code reviews and hiring a larger security team.

  • The security patch for the Boosts feature, released in version 1.61.2, disables JavaScript by default and includes a global toggle for disabling Boosts entirely.

