SentinelOne

CVE-2024-45489: Arc Browser JavaScript RCE Vulnerability

CVE-2024-45489 is a remote code execution vulnerability in Arc Browser's JavaScript boosts feature caused by misconfigured Firebase ACLs. This article covers the technical details, affected versions, and mitigation strategies.

CVE-2024-45489 Overview

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, due to misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary JavaScript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users.

Critical Impact

Potential remote code execution due to misconfigured access controls in a cloud environment.

Affected Products

  • Not Available

Discovery Timeline

  • 2024-09-20 - CVE-2024-45489 published to NVD
  • 2024-09-26 - Last updated in NVD database

Technical Details for CVE-2024-45489

Vulnerability Analysis

The vulnerability arises from improper access control configuration within Firebase, which allows an unauthorized user to create or update JavaScript boosts under another user's ID. The boost is then installed and executed in the victim's browser.

Root Cause

Improper configuration of Firebase ACLs that failed to restrict unauthorized user access to shared boosts.

Attack Vector

The attack can be conducted remotely over a network by exploiting the misconfigured access controls within Firebase.

```javascript
// Example exploitation code (sanitized)
const exploitBoost = (userId) => {
  fetch(`https://firebaseurl.com/boost/${userId}`, {
    method: 'POST',
    body: JSON.stringify({ script: "alert('Exploit executed');" })
  });
};
```

Detection Methods for CVE-2024-45489

Indicators of Compromise

  • Unauthorized JavaScript boosts present in user browsers
  • Unexpected Firebase access logs
  • Audit logs showing abnormal boost creation or updates

Detection Strategies

Implement monitoring for unusual patterns in Firebase logs and user browser activity. Ensure that logging captures boost-related activities, focusing on creation and update operations.

Monitoring Recommendations

Set up alerts for high-frequency updates to JavaScript boosts and monitor for changes by unauthorized users or suspicious access patterns in Firebase.

How to Mitigate CVE-2024-45489

Immediate Actions Required

  • Re-evaluate and correct Firebase ACLs
  • Inform users of potential risks and preventive measures
  • Implement stricter validation for boost creation and update actions
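
The ownership check behind the "stricter validation" item above, applied to the monitoring described under Detection Strategies, as an added example (not Arc's or SentinelOne's code). It assumes a hypothetical audit event that carries the authenticated `actorUid` and the boost document `before` and `after` the write, with an assumed `ownerId` field.

```javascript
// Added example. Field names (ownerId, actorUid, before, after) and the event
// shape are assumptions for illustration, not Arc's or Firebase's real schema.

// Ownership invariant for one boost write. `before` is the stored document
// (null on create); `after` is the document the caller wants stored.
// Returns null when the write is allowed, otherwise the reason it is not.
function checkBoostWrite(actorUid, before, after) {
  if (!actorUid) return 'unauthenticated write';
  if (!after || typeof after.ownerId !== 'string') return 'missing ownerId';
  if (before == null) {
    // Create: a caller may only create boosts owned by itself.
    return after.ownerId === actorUid ? null : 'create under another user ID';
  }
  // Update: the caller must own the stored boost and ownership must not move.
  if (before.ownerId !== actorUid) return 'update of a boost owned by another user';
  if (after.ownerId !== before.ownerId) return 'ownerId reassigned on update';
  return null;
}

// Replays audit events in time order. Reports every invariant violation, and
// flags the write that takes an actor past maxWrites boost writes in windowMs.
function findSuspiciousWrites(events, maxWrites = 3, windowMs = 60000) {
  const findings = [];
  const recent = new Map(); // actorUid -> write timestamps still in the window
  for (const ev of [...events].sort((a, b) => a.ts - b.ts)) {
    const reason = checkBoostWrite(ev.actorUid, ev.before, ev.after);
    if (reason) findings.push({ boostId: ev.boostId, actorUid: ev.actorUid, reason });
    const times = (recent.get(ev.actorUid) || []).filter((t) => ev.ts - t < windowMs);
    times.push(ev.ts);
    recent.set(ev.actorUid, times);
    if (times.length === maxWrites + 1) {
      findings.push({ boostId: ev.boostId, actorUid: ev.actorUid, reason: 'high-frequency boost writes' });
    }
  }
  return findings;
}

// Constructed sample events (timestamps in ms), not real logs.
const sampleEvents = [
  { ts: 1000, boostId: 'b1', actorUid: 'alice', before: null, after: { ownerId: 'alice' } },
  { ts: 2000, boostId: 'b2', actorUid: 'mallory', before: null, after: { ownerId: 'bob' } },
  { ts: 3000, boostId: 'b3', actorUid: 'mallory', before: { ownerId: 'mallory' }, after: { ownerId: 'bob' } },
  { ts: 4000, boostId: 'b1', actorUid: 'alice', before: { ownerId: 'alice' }, after: { ownerId: 'alice' } },
];
console.log(findSuspiciousWrites(sampleEvents));
```

The same invariant belongs in the server-side access rules, so that a mismatched write is rejected rather than only flagged afterwards.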

Patch Information

Not Available

Workarounds

As a temporary measure, manually review and restrict ACL permissions on Firebase to block unauthorized access.

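```bash
# Configuration example
# Note: functions:config:set only stores a runtime config value for Cloud Functions.
# It does not change Firebase access rules; application code must read and enforce it.
firebase functions:config:set acl.restrictions="prevent-unauthorized-access"
```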

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
