In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:NElectronjs Electron
APPElectronjs9.0.07.0.0 – 7.2.4 (bez)8.0.0 – 8.2.4 (bez)
Related vulnerabilities
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in G...
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...