Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2016-10698 Vulnerability in npm package mystem-fix

CVE-2019-1003000 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2023-24163 Vulnerability in maven package cn.hutool:hutool-all

CVE-2022-39239 Vulnerability in npm package @netlify/ipx

CVE-2020-7758 Vulnerability in npm package browserless-chrome

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory