ASA-2019-00125 – Electron: Chromium FileReader Vulnerability Fix


Allele Security Alert

ASA-2019-00125

Identifier(s)

ASA-2019-00125

Title

Chromium FileReader Vulnerability Fix

Vendor(s)

Github

Product(s)

Electron

Affected version(s)

All supported versions of Electron

Fixed version(s)

Electron 4.0.8
Electron 3.1.6
Electron 3.0.16
Electron 2.0.18

Proof of concept

Unknown

Description

A high severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.

Technical details

Unknown

Credits

Clement Lecigne

Reference(s)

Chromium FileReader Vulnerability Fix
https://electronjs.org/blog/filereader-fix

Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html

CVE-2019-5786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786

CVE-2019-5786
https://nvd.nist.gov/vuln/detail/CVE-2019-5786

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 11, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.