Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://nodesecurity.io/advisories/539

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

Related Vulnerabilities

CVE-2021-25948 Vulnerability in npm package expand-hash

CVE-2022-24759 Vulnerability in npm package @chainsafe/libp2p-noise

CVE-2019-13236 Vulnerability in maven package org.opencms:opencms-core

CVE-2021-25949 Vulnerability in npm package set-getter

CVE-2017-5657 Vulnerability in maven package org.apache.archiva:archiva

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory Broken Link