Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://nodesecurity.io/advisories/539

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

Related Vulnerabilities

CVE-2020-7604 Vulnerability in npm package pulverizr

CVE-2023-2479 Vulnerability in npm package appium-desktop

CVE-2019-9155 Vulnerability in npm package openpgp

CVE-2019-10337 Vulnerability in maven package org.jenkins-ci.plugins:token-macro

CVE-2020-8137 Vulnerability in maven package org.webjars.npm:uppy

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory Broken Link