When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Security researchers can now earn money by finding bugs in the Arcbrowser, the company has revealed.
The surfing app Company decided to set up its own bug bounty program after being tipped off about CVE-2024-45489.
This was a critical vulnerability affecting versions before 2024-08-26, allowing for remote code execution through JavaScript boosts.
This is also probably why the researcher who disclosed the vulnerability was only awarded $2,000 for their discovery.
The bug was addressed in late August 2024, by disabling auto-syncing of Boosts with JavaScript.
Furthermore, late last month, the team added a toggle to turn off all Boost-related features.
ViaBleepingComputer
