Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2021-25979 Vulnerability in npm package apostrophe

CVE-2021-40111 Vulnerability in maven package org.apache.james:james-server

CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts

CVE-2023-0835 Vulnerability in npm package markdown-pdf

CVE-2021-21430 Vulnerability in maven package org.openapitools:openapi-generator-project

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory