跳转到主内容

Chromium WebAudio 漏洞修复 (CVE-2019-13720)

· 阅读时间:约 2 分钟

A High severity vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.

此漏洞已被分配 CVE-2019-13720。 您可以在 Chrome 博客文章 中阅读更多关于它的信息。

Please note that Chrome has reports of this vulnerability being used in the wild so it is strongly recommended you upgrade Electron as soon as possible.


作用域

This affects any Electron application that may run third-party or untrusted JavaScript.

Mitigation

Affected apps should upgrade to a patched version of Electron.

We've published new versions of Electron which include fixes for this vulnerability:

Electron 7.0.1 在发布通知之前已自动包含了上游的修复。 Electron 8同样不受影响。 该漏洞在Electron 5中不存在,因此该版本也不受影响。

Further Information

此漏洞由卡巴斯基实验室的 Anton Ivanov 和 Alexey Kulaev 发现,并报告给 Chrome 团队。 Chrome博客文章可以在这里找到

要了解更多关于维护您的 Electron 应用安全的最佳做法,请参阅我们的 安全教程

If you wish to report a vulnerability in Electron, email security@electronjs.org.