
Hasnain says:

The response on Hacker News says it all, honestly. I had heard good things about Arc but now I’m definitely *not* going to try it.

“this would be the final attack chain:

- obtain the user id of the victim via one of the mentioned methods
- create a malicious boost with whatever payload you want on your own account
- update the boost creatorID field to the target's
- whenever the victim visits the targeted website, they will get compromised

the browser company normally does not do bug bounties (update: see at the end of post), but for this catastrophic of a vuln, they decided to award me with $2,000 USD”

Posted on 2024-09-21T16:40:22+0000