Security

The Browser Company Bounty Program

At The Browser Company of New York, we care deeply about safeguarding the security and privacy of everyone who uses our products. We also recognize the security research community’s invaluable role in this mission. If you spot a vulnerability, we want to hear about it so we can make things right as soon as possible. Your work helps us build a safer, more secure browsing experience for all.

Our Bug Bounty Program is run through HackerOne. Please visit our HackerOne program page to review our program policy and scope, and to submit your findings.

How to Submit your Research

If you believe you’ve identified a security or privacy issue that affects BCNY products, services, or software, please submit it to us through our HackerOne program.

Keeping Dia Secure

Your browser is your doorway to the internet—work, personal life, and everything in between. Keeping that doorway secure is core to how we design, build, and ship Dia.

We’re a focused team that treats security as a product feature, not an afterthought. Our goal is simple: you shouldn’t have to worry that your data is being misused, mishandled, or sold.

To make that concrete, here’s what we do and how we think about it:

Outside security assessments

We work with independent security firms to run regular audits of our products. Each year, we conduct full‑scope assessments and schedule point‑in‑time reviews for new or high‑risk features. These engagements include code reviews, architecture analysis, and exploit testing. When appropriate, we publish notable findings and fixes in our Security Bulletins.

Browser engine
Dia is built on Chromium—the same open‑source engine behind Chrome and Edge—so we inherit a battle‑tested foundation and the latest upstream security patches. We prioritize upgrades and keep Dia aligned with the newest Chromium releases and hotfixes on an aggressive cadence.

List of Disabled Chromium Features

  • Google Accounts Integration (GAIA) disabled
    • Chromium won’t send requests for accounts on startup to accounts.google.com
    • No syncing of Chromium profiles, cookies, passwords, bookmarks to Google via your Google account
  • Google metrics (UMA) reporting is disabled
  • Uploading settings after resetting profile is disabled
  • Reporting Observers and Reporting API are disabled
  • Network logging to file is disabled

Infrastructure
We restrict production access by role, log and review access regularly, and encrypt data at rest and in transit. We store as little personal data as possible, and we routinely audit what we collect to ensure it stays minimal and appropriate for the service.

How to reach us
If you have questions or see something we should look at, email [email protected]. If you’re a security researcher, our bug bounty program welcomes your reports.

FAQ

Prompt injections happen when a webpage or third party slips instructions into an assistant’s context, and the assistant follows those instructions instead of the user's instructions. All AI chat systems face this risk. Our stance is to assume prompt injections may occur and keep you safe through layered controls.

Here are our current rules for how Dia reduces the impact of prompt injections:

  • Dia won't open or follow LLM‑generated URLs. Attackers often use generated links to exfiltrate data; we block this class of action.
  • Dia won't allow tools beyond what you intend to use. Dia’s chat session starts with no access to other tabs or ability to take write actions. Your review is needed to grant access before the assistant can use anything with real-world effects.
  • Dia won't insert data into third-party sites without your approval. For actions like “fill form” or “draft email,” Dia shows you the exact content first in a Dia-controlled view. You choose whether to proceed.
  • Dia won't take irreversible actions on behalf of the user. Items like calendar events stay in draft until you click “Create.”
  • Dia won't run agentic mode on unapproved context. When Dia drives your computer (e.g., replying to email), the assistant only sees what you saw and approved, limiting third-party influence.
  • Dia won't let agentic mode navigate to other websites. To contain the blast radius of actions, the assistant is unable to navigate on its own to another website.
  • Dia won't expose sensitive elements to the agent. Web form fields like passwords and irreversible action buttons are invisible to the agentic system.
  • Dia won't pass URLs to the LLM verbatim. Links can hide instructions; Dia filters those so they can’t influence the AI.
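The rules above describe a policy gate that sits between the model's proposed actions and anything with real-world effect. The following is an added illustration of that pattern, not Dia's code: a hypothetical gate that denies model-generated URLs, rejects tools the user has not granted, holds write actions until the user has reviewed the exact content, keeps irreversible actions as drafts, and strips the parts of a URL that can carry instructions before the URL is shown to the model. The tool names, the `ProposedAction`/`Session` types and the decision strings are all assumptions made for this example.

```python
"""Hypothetical policy gate for an in-browser assistant (added example, not Dia's code)."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit

# Assumed tool classification for this example. "Write" tools push data into a
# third-party site; "irreversible" tools cannot be undone once executed.
READ_ONLY_TOOLS = {"search", "summarize_page"}
WRITE_TOOLS = {"fill_form", "draft_email"}
IRREVERSIBLE_TOOLS = {"create_calendar_event", "send_email"}
KNOWN_TOOLS = READ_ONLY_TOOLS | WRITE_TOOLS | IRREVERSIBLE_TOOLS


@dataclass
class ProposedAction:
    tool: str
    args: dict
    # True when the model produced the target URL itself rather than the user
    # supplying it; such URLs are treated as a potential exfiltration channel.
    url_from_model: bool = False


@dataclass
class Session:
    granted_tools: set = field(default_factory=set)   # a session starts with no tools
    approved: set = field(default_factory=set)        # frozen args the user has reviewed


def freeze(args: dict) -> tuple:
    """Hashable, order-independent form of an action's arguments."""
    return tuple(sorted(args.items()))


def decide(session: Session, action: ProposedAction) -> str:
    """Return 'allow', 'needs_review', 'draft', or 'deny:<reason>'."""
    if action.tool not in KNOWN_TOOLS:
        return "deny:unknown_tool"
    if action.tool not in session.granted_tools:
        return "deny:tool_not_granted"
    if action.url_from_model:
        return "deny:model_generated_url"
    if action.tool in READ_ONLY_TOOLS:
        return "allow"                      # lookups are low impact
    if action.tool in IRREVERSIBLE_TOOLS:
        return "draft"                      # stays a draft until the user clicks create/send
    if freeze(action.args) in session.approved:
        return "allow"                      # user saw this exact content and approved it
    return "needs_review"                   # show the content in a trusted view first


def sanitize_url_for_model(url: str) -> str:
    """Keep only scheme, host, port and path; drop credentials, query string
    and fragment, which are the parts of a link that can smuggle instructions."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, "", ""))


if __name__ == "__main__":
    # Constructed walk-through: the model asks for progressively riskier actions.
    session = Session()
    print(decide(session, ProposedAction("search", {"q": "weather"})))        # deny:tool_not_granted
    session.granted_tools.update({"search", "fill_form", "create_calendar_event"})
    print(decide(session, ProposedAction("search", {"q": "weather"})))        # allow
    leak = ProposedAction("fill_form", {"url": "https://example.test/f", "body": "x"}, url_from_model=True)
    print(decide(session, leak))                                               # deny:model_generated_url
    form = ProposedAction("fill_form", {"url": "https://example.test/f", "body": "hello"})
    print(decide(session, form))                                               # needs_review
    session.approved.add(freeze(form.args))                                    # user reviewed the content
    print(decide(session, form))                                               # allow
    print(decide(session, ProposedAction("create_calendar_event", {"title": "1:1"})))  # draft
    print(sanitize_url_for_model("https://u:p@Example.test:8443/a/b?ignore=prior#instr"))
```

Two design points worth noting: approval is keyed on the exact arguments the user saw, so a later injection that changes the form body invalidates the earlier approval, and the URL sanitizer runs before the model ever sees a link, so the model cannot be asked to "follow" instructions hidden in a query string or fragment.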

Prompt injection defenses are evolving rapidly, and we’re continuously improving our systems. From time to time, these rules may change as we add stronger safeguards and protections.

What prompt injections can still do…

  • Cause unexpected style or tone shifts (e.g., making the assistant “talk like a pirate”).
  • Nudge content toward misinformation if a tab is treated as local “ground truth.” Context improves relevance, not universal correctness.
  • Trigger read-only operations like searches. Our priority is preventing destructive actions—sending your data to third-party sites or changing state. While a prompt may cause an unexpected lookup, your data and systems remain secure.

We design Dia’s features so that—even if a prompt injection occurs—the blast radius is limited and your browser and data remain protected. That being said, the web is adversarial, and we are constantly researching and finding more ways to protect you while you use Dia.

Practical tips to reduce prompt‑injection risk:

  • Attach only the tools you intend the assistant to use.
  • After you’re done with a tool, remove it from the chat’s capabilities list.
  • Only attach documents or pages you trust as context.

Dia follows a strict patching schedule to keep you secure:

  • Weekly updates: Dia releases every Thursday with the latest stable version of Chromium that Google has shipped to users.
  • Critical security fixes: When Google releases a patch for a critical vulnerability, Dia publishes the fix to production within 48 hours.

This means Dia stays current with Google Chrome's security updates while maintaining our weekly release cadence.

Yes. You can control the ad blocking settings at Dia > Settings > Privacy.

Your conversations, history, bookmarks, and files are stored locally encrypted on your device. When you use Dia’s Chat, only the minimum necessary data (e.g., your question or the current page) is briefly sent to our servers and passed to trusted AI partners who are restricted from training on it or retaining it after completion. When you share your content data to improve Dia, it’s de‑identified, kept for no more than 30 days, then deleted. You can clear your data anytime, and incognito stores nothing. Read more on our Privacy page: Privacy ↗

When you share your content data to improve Dia, some parts of your chat conversation are de‑identified and used to improve the speed and accuracy of Dia. This content data isn’t tied to your account, is retained for 30 days, and is then deleted. You can turn this off at any time in Settings. See our Privacy ↗ page for more details.

We have agreements with all our model providers so that they do not retain your data. Data sent to trusted AI partners to answer your questions isn’t used to train their models and isn’t stored after completion.

We sometimes keep a small set of AI-related data, if it helps with security or compliance. Think content moderation flags, suspected misuse (like trying to get the model to do something dangerous), or prompt‑injection and safety‑violation events. This data is only kept as long as we need to detect, investigate, and prevent abuse, meet legal obligations, and make Dia safer. It’s access‑controlled, used only for security and compliance, and never used to train models. When it’s no longer needed for those purposes, we delete it according to our policies.