Arc Creator The Browser Company Launches Bug Bounty Program
The Browser Company, known for its innovative Chromium-based browser, Arc, has launched an official bug bounty program. This initiative aims to enhance the browser's security measures within a rapidly evolving digital environment. The company has also introduced a new security bulletin to maintain transparent and proactive communication with users and security researchers regarding bug fixes and reports.
Background on the Security Issue
This new security initiative is in response to a significant vulnerability identified by a researcher, which had the potential to allow malicious actors to insert arbitrary code into users’ browsers merely by obtaining their easily accessible user IDs. This severe issue was linked to the Arc Boosts feature, which enables users to customize any website with CSS and JavaScript. In response, The Browser Company has introduced several critical updates:
- Disabling Boosts with JavaScript by default.
- Implementing a new global toggle to disable Boosts entirely.
- Releasing Arc version 1.61.2 to enforce these changes.
Details of the Vulnerability and Bounty Payment
The researcher, known as xyz3va, initially received a $2,000 bounty for reporting this critical vulnerability. Following the launch of the new bug bounty program, The Browser Company is retroactively increasing the bounty to $20,000. The vulnerability was officially patched on August 26th.
New Bug Bounty Program and Rewards Structure
With the inaugural bug bounty program, The Browser Company is inviting security researchers to report vulnerabilities, with a reward system based on the severity of the findings. Here’s a breakdown of the reward structure:
- Low severity findings: Up to $500 for limited scope or hard-to-exploit vulnerabilities.
- Medium severity findings: Up to $2,500.
- High severity findings: Up to $10,000.
- Critical findings: A maximum reward of $20,000.
Future Practices for Enhanced Security
In addition to the bug bounty program, The Browser Company outlined several new practices aimed at identifying and mitigating potential vulnerabilities:
- Establishing development guidelines accompanied by further code reviews.
- Commissioning security-specific code audits.
- Hiring additional staff for the security engineering team.
Conclusion
The Browser Company’s proactive approach to browser security through the new bug bounty program exemplifies its commitment to creating a secure user experience. With the community’s involvement, it aims to swiftly identify and address potential threats, ultimately fortifying its innovative browser platform.