A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron. Use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Tag: ElectronJS
ASA-2019-00072 – Electron: Vulnerability that allowed Node to be re-enabled in child Windows
A code vulnerability has been discovered that allows Node to be re-enabled in child windows. Opening a BrowserView with sandbox: true or nativeWindowOpen: true and nodeIntegration: false results in a webContents where window.open can be called and the newly opened child window will have nodeIntegration enabled.