A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.
This vulnerability has been assigned CVE-2019-5786. You can read more about it in the Chrome Blog Post.
Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron ASAP.
Portée
This affects any Electron application that may run third-party or untrusted JavaScript.
Atténuation
Affected apps should upgrade to a patched version of Electron.
Nous avons publié de nouvelles versions d'Electron qui incluent des corrections pour cette vulnérabilité :
The latest beta of Electron 5 was tracking Chromium 73 and therefore is already patched:
Informations complémentaires
This vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group and reported to the Chrome team. The Chrome blog post can be found here.
Pour en savoir plus sur les meilleures pratiques pour sécuriser vos applications Electron, consultez notre tutoriel de sécurité.
Si vous souhaitez signaler une vulnérabilité dans Electron, envoyez un e-mail à security@electronjs.org.