A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled.
We've published two new versions of electron
both of which include a fix for this vulnerability. We urge all Electron
developers to update their apps to the latest stable version immediately:
npm i electron@latest --save-dev
To learn more about best practices for keeping your Electron apps secure, see our security tutorial.
Please contact firstname.lastname@example.org if you wish to report a vulnerability in Electron.