ASA-2019-00646 – Electron: Chromium WebAudio Use-After-Free Vulnerability

A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron. A use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ASA-2019-00072 – Electron: Vulnerability that allowed Node to be re-enabled in child windows

A code vulnerability has been discovered that allows Node to be re-enabled in child windows. Opening a BrowserView with sandbox: true or nativeWindowOpen: true, combined with nodeIntegration: false, results in a webContents where window.open can be called, and the newly opened child window will have nodeIntegration enabled.