Description
ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
Published: 2026-03-20
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Phishing
Action: Update App
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://arc.net/security/bulletins cve-icon cve-icon
History

Thu, 16 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Thebrowser
Thebrowser arc Search
CPEs cpe:2.3:a:thebrowser:arc_search:*:*:*:*:*:android:*:*
Vendors & Products Thebrowser
Thebrowser arc Search

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared The Browsercompany Of New York
The Browsercompany Of New York arcsearch
Vendors & Products The Browsercompany Of New York
The Browsercompany Of New York arcsearch

Fri, 20 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Description ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.
Title Address bar spoofing risk in ArcSearch on Android
Weaknesses CWE-1021
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N'}

Subscriptions

The Browsercompany Of New York Arcsearch
Thebrowser Arc Search
cve-icon MITRE

Status: PUBLISHED

Assigner: BCNY

Published:

Updated: 2026-03-23T14:13:09.052Z

Reserved: 2026-02-11T21:24:56.878Z

Link: CVE-2026-2378

cve-icon Vulnrichment

Updated: 2026-03-23T14:13:05.578Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T22:16:27.497

Modified: 2026-04-16T14:34:33.427

Link: CVE-2026-2378

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:34:32Z

Weaknesses