Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura

CVE-2021-4307 Vulnerability in maven package org.webjars.npm:baobab

CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-font

CVE-2020-28464 Vulnerability in npm package djv

CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory