A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.
This vulnerability has been assigned CVE-2019-13720. You can read more about it in the Chrome Blog Post.
Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron as soon as possible.
Scope
This affects any Electron application that may run third-party or untrusted JavaScript.
Mitigation
Affected apps should upgrade to a patched version of Electron.
We've published new versions of Electron which include fixes for this vulnerability:
Electron 7.0.1 automatically included the fix from upstream, before the announcement was made. Electron 8 is similarly unaffected. The vulnerability did not exist in Electron 5, so that version is also unaffected.
Further Information
This vulnerability was discovered by Anton Ivanov and Alexey Kulaev at Kaspersky Labs and reported to the Chrome team. The Chrome blog post can be found here.
To learn more about best practices for keeping your Electron apps secure, see our security tutorial.
If you wish to report a vulnerability in Electron, email security@electronjs.org.