A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Jede Electron-App, die auf Remote-Inhalte zugreift, ist anfällig für diese Ausnutzung, unabhängig davon, ob die Sandbox-Option aktiviert ist.
We've published two new versions of electron 1.7.8 and 1.6.14, both of which include a fix for this vulnerability. We urge all Electron developers to update their apps to the latest stable version immediately:
npm i electron@latest --save-dev
To learn more about best practices for keeping your Electron apps secure, see our security tutorial.
Please contact security@electronjs.org if you wish to report a vulnerability in Electron.