Arc Browser, widely known for its innovative website customisation feature Boosts, recently encountered a severe security flaw that jeopardised user safety.
A security researcher identified a vulnerability within Boosts that allowed attackers to inject malicious code into these customisations, potentially compromising user systems.
Read also: Don’t fall victim: How to spot and avoid phishing scams targeting AppleCare+
Arc Browser’s boosts feature and its vulnerabilities
Boosts allow users to personalise their browsing experience by adjusting elements like colours, fonts, and the layout of websites. While this feature has been popular among users, the security flaw revealed a significant risk.
The vulnerability enabled attackers to create harmful Boosts containing malware. When an unsuspecting user visited a website enhanced with a compromised Boost, the malware could be downloaded directly to their system.
Adding more confusion to the problem, the authors uncovered that attackers can obtain user IDs within the browser. This makes it easier to focus on specific people, which increases the threat level for Arc users. This ease of access to obtain user IDs makes it possible for hackers to launch even more concentrated attacks, raising the risk factor.
If an infected Boost application was installed, the effects could be drastic. This could allow them to compromise the user’s system, steal files, plant ransomware, or cause havoc. The consequences of this flaw do not stop with risks to personal data; the errors might lead to significant operational problems for the targeted people.
Read also: Ghana tops global cybersecurity ranking for 2024
Arc Browser’s developer’s response and user safety
Arc Browser and the company behind it, The Browser Company, are aware of the vulnerability, and the latter plans to release a security update to resolve it. As for this finding, users should continue to exercise care utilising the browser and avoid engaging with those website changes that appear to be malicious. Updating the Arc browser will also have the advantage of just fixing all the necessary security loose screws that have been developed to be part of the common issues that the current browsers are facing.
This event is a good testimony that although features can improve the browsing experience of the custom individual, reasonable security measures are required. Security should be valued in opposition to service customisation since users transact with unique software that changes the web.