A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
Tag: Electron
ASA-2019-00646 – Electron: Chromium WebAudio Use-After-Free Vulnerability
A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron. Use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ASA-2019-00125 – Electron: Chromium FileReader Vulnerability Fix
A high severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.
ASA-2019-00072 – Electron: Vulnerability that allowed Node to be re-enabled in child windows
A code vulnerability has been discovered that allows Node to be re-enabled in child windows. Opening a BrowserView with sandbox: true or nativeWindowOpen: true and nodeIntegration: false results in a webContents where window.open can be called, and the newly opened child window will have nodeIntegration enabled.