A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Qualquer aplicativo Electron que acessa o conteúdo remoto é vulnerável a esse exploit, independente se a opção sandbox está ativada.
We've published two new versions of electron 1.7.8 and 1.6.14, both of which include a fix for this vulnerability. We urge all Electron developers to update their apps to the latest stable version immediately:
npm i electron@latest --save-dev
Para saber mais sobre as melhores práticas para manter seus apps Electron seguros, veja nosso tutorial de segurança.
Please contact security@electronjs.org if you wish to report a vulnerability in Electron.