Skip to main content

Arc Search

1 CVEs product

Monthly

CVE-2026-12348 HIGH This Week

Address bar spoofing in The Browser Company's Arc Search for Android allows remote attackers to render attacker-controlled content beneath a legitimate-looking URL in the address bar, enabling high-fidelity phishing against mobile users. The flaw maps to CWE-1021 (improper restriction of rendered UI layers) and carries a CVSS 7.4 due to the integrity impact on user trust decisions, though successful exploitation requires user interaction. No public exploit identified at time of analysis, but a HackerOne report (#3705306) suggests reproducible POC details exist within the disclosure program.

Google XSS Arc Search
NVD
CVSS 3.1
7.4
EPSS
0.4%
EPSS 0% CVSS 7.4
HIGH This Week

Address bar spoofing in The Browser Company's Arc Search for Android allows remote attackers to render attacker-controlled content beneath a legitimate-looking URL in the address bar, enabling high-fidelity phishing against mobile users. The flaw maps to CWE-1021 (improper restriction of rendered UI layers) and carries a CVSS 7.4 due to the integrity impact on user trust decisions, though successful exploitation requires user interaction. No public exploit identified at time of analysis, but a HackerOne report (#3705306) suggests reproducible POC details exist within the disclosure program.

Google XSS Arc Search
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy