MidnightBSD

Advisories for thebrowser

CVE-2024-52928

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
thebrowser arc *