Home

Description

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

PUBLISHED Reserved 2024-11-18 | Published 2025-06-26 | Updated 2025-06-27 | Assigner mitre




CRITICAL: 9.6CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:C/UI:R

References

thebrowser.company

arc.net/security/bulletins

cve.org (CVE-2024-52928)

nvd.nist.gov (CVE-2024-52928)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.