Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Remediation

References

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix

https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2017-13098 Vulnerability in maven package com.madgag.spongycastle:bctls-jdk15on

CVE-2020-2111 Vulnerability in maven package org.jenkins-ci.plugins:subversion

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors

CVE-2021-43843 Vulnerability in npm package jsx-slack

CVE-2022-25916 Vulnerability in npm package mt7688-wiscan

Severity

Critical

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Third Party Advisory