研究人员揭示Arc浏览器中的“灾难性”安全漏洞
原文英文,约200词,阅读约需1分钟。发表于:。Illustration: Cath Virginia / The Verge A security researcher revealed a “catastrophic” vulnerability in the Arc browser that would have allowed attackers to insert arbitrary code into other...
Arc的Boosts功能允许用户自定义CSS和Javascript来定制网站。然而,由于Firebase ACLs配置错误,用户可以更改Boost的creatorID,导致自定义的CSS或JS在网站上运行。
/cdn.vox-cdn.com/uploads/chorus_asset/file/25631539/STK283_ARC_BROWSER.jpg)
