Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2021-46384 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2022-21653 Vulnerability in maven package org.typelevel:jawn-parser_3

CVE-2018-20822 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2022-25906 Vulnerability in npm package is-http2

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory