CVE-2026-12348

Summary

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.

Affected Software

VendorProductVersion RangeStatus
The Browser Company of New York`Arc Search0 <= 1.12.8unaffected

Weaknesses

  • CWE-1021: CWE-1021 Improper restriction of rendered UI layers or frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References