electron@2.0.7 vulnerabilities

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Serial process. An attacker can potentially exploit heap corruption.

Upgrade electron to version 31.7.5, 32.2.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

Upgrade electron to version 32.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control due to an inappropriate implementation in Extensions. An attacker can bypass site isolation.

Upgrade electron to version 31.7.4, 32.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

Upgrade electron to version 31.7.4, 32.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write in Dawn.

Upgrade electron to version 31.7.4, 32.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the V8 engine.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Fonts.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion via the V8 engine.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds Write via the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the WebAudio process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via a crafted HTML page. An attacker can perform an out of bounds memory write by sending a specially crafted HTML content.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion. An attacker can access memory locations outside of the intended bounds by crafting a malicious HTML page that triggers type confusion in the V8 engine.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can access memory locations outside the intended boundary by crafting a malicious HTML page that triggers the flaw.

Upgrade electron to version 31.7.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read in Skia.

Upgrade electron to version 31.7.2, 32.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion via crafted HTML content.

Upgrade electron to version 31.7.1, 32.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in InferHasInPrototypeChain of the V8 engine.

Upgrade electron to version 31.7.1, 32.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in v8 engine.

A fix was pushed into the master branch but not yet published.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Media Stream process. An attacker can potentially exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can potentially perform a sandbox escape by manipulating the memory outside its intended buffer limits.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read through the V8 engine. An attacker can access memory locations outside of the intended bounds by crafting a malicious HTML page.

Note: This is only exploitable if the user navigates to or is redirected to a malicious web page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via specific UI gestures in the Screen Capture feature. An attacker can potentially exploit heap corruption by convincing a user to visit a crafted HTML page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the V8 engine. An attacker can corrupt memory and potentially execute arbitrary code by crafting a malicious HTML page.

Note: This is only exploitable if the user navigates to or is redirected to a malicious web page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Navigation process. An attacker can exploit heap corruption by convincing a user to install a malicious extension.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Race Condition via a crafted Chrome Extension. An attacker who convinced a user to install a malicious extension can inject scripts or HTML into a privileged page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Audio process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.6, 30.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Loader component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 30.4.0, 31.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 30.4.0, 31.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.5, 30.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to the improper handling of memory in the Dawn component. An attacker can cause heap corruption and potentially execute arbitrary code by crafting a malicious HTML page.

Upgrade electron to version 29.4.5, 30.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Dawn process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.5, 30.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Swiftshader process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.5, 30.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion via a crafted HTML page in the V8 engine.

**Note: ** This is only exploitable if the user navigates to or is redirected to the malicious page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read through the V8 engine. An attacker can access memory locations outside of the intended boundary by crafting a malicious HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Dawn component.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Dawn process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Note: 126.0.6478.56 is the fixed version for Windows and Mac. Version 126.0.6478.54 fixes the vulnerability in Linux

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to the improper handling of memory in the Dawn process. An attacker can cause heap corruption by crafting a malicious HTML page.

Note: 126.0.6478.56 is the fixed version for Windows and Mac. Version 126.0.6478.54 fixes the vulnerability in Linux

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Dawn process. An attacker can perform an out of bounds memory write by exploiting a crafted HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ANGLE process. An attacker can perform an out of bounds memory read via a crafted HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion due to the V8 process. An attacker can potentially perform arbitrary read/write by exploiting a crafted HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in the scheduling process. An attacker can execute arbitrary code inside a sandbox by using a crafted HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds Write through the Streams API. An attacker can execute arbitrary code within a sandboxed environment by crafting a malicious HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the WebRTC component. An attacker can cause heap corruption and potentially execute arbitrary code by crafting a malicious HTML page.

Upgrade electron to version 29.4.3, 30.1.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Dawn process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the Media Session process. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.

Upgrade electron to version 29.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in vp8 encoding in libvpx.

Upgrade electron to version 22.3.25, 24.8.5, 25.8.4, 26.2.4, 27.0.0-beta.8 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read in WebRTC, exploitable via a crafted HTML page.

Upgrade electron to version 22.3.16 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Mojo interface. An attacker can potentially exploit heap corruption by delivering a crafted HTML page.

Upgrade electron to version 27.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via a crafted HTML page. An attacker can potentially exploit heap corruption by deceiving a user to visit a malicious web page.

Upgrade electron to version 27.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Privilege Context Switching Error in libuv's handling of io_uring operations called before calling setuid(). This allows users to elevate privileges.

Upgrade electron to version 29.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds memory access in V8 component. This vulnerability allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Upgrade electron to version 27.3.10, 28.3.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding videos with a large frame size. An attacker can cause memory corruption within the AV1 decoder by providing a specially crafted video file.

Upgrade electron to version 27.3.11, 28.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write in the Compositing process. An attacker can potentially perform a sandbox escape by exploiting specific UI gestures. This is only exploitable if the attacker has already compromised the GPU process.

Upgrade electron to version 27.3.11, 28.3.1, 29.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ANGLE component. An attacker can potentially exploit heap corruption through a crafted HTML page.

Upgrade electron to version 27.3.11, 28.3.1, 29.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to improper handling of objects in memory in the Dawn component. An attacker can cause heap corruption and potentially execute arbitrary code by convincing a user to visit a specially crafted HTML page.

Upgrade electron to version 27.3.11, 28.3.1, 29.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer due to an inappropriate implementation in the V8 engine. An attacker can potentially perform out of bounds memory access by crafting a malicious HTML page.

Upgrade electron to version 29.3.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to improper handling in the WebCodecs component. An attacker can achieve arbitrary read/write access by crafting a malicious HTML page.

Upgrade electron to version 27.3.9, 28.2.10, 29.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion due to a flaw in the WebAssembly component. An attacker can execute arbitrary code on the victim's machine by convincing them to visit a maliciously crafted HTML page.

Upgrade electron to version 27.3.9, 28.2.10, 29.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to improper handling of objects in memory in the ANGLE graphics engine. An attacker can cause heap corruption and potentially execute arbitrary code by convincing a user to visit a specially crafted HTML page.

Upgrade electron to version 27.3.9, 28.2.10, 29.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to the improper handling of objects in memory in the Dawn component. An attacker can potentially exploit heap corruption through a crafted HTML page.

Upgrade electron to version 27.3.9, 28.2.10, 29.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to NULL Pointer Dereference in V8, due to an object lifecycle issue involving scope inheritance.

Upgrade electron to version 27.3.8, 28.2.9, 29.1.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Denial of Service (DoS) via an Out of bounds memory access in V8.

Upgrade electron to version 27.3.6, 28.2.7, 29.1.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the xmlTextReader module. An attacker can cause denial of service by processing crafted XML documents with DTD validation and XInclude expansion enabled.

Upgrade electron to version 27.3.5, 28.2.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Mojo runtime libraries collection. This allows an attacker to exploit heap corruption via a crafted HTML page.

Upgrade electron to version 27.3.4, 28.2.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Web Audio feature. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 26.6.8, 27.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read allowing a remote attacker to exploit heap corruption via a crafted HTML page.

Note: The Stable channel has been updated to 120.0.6099.234 for Mac devices.

Upgrade electron to version 26.6.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Note: The Stable channel has been updated to 120.0.6099.234 for Mac devices.

Upgrade electron to version 26.6.6, 27.2.3, 28.1.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion due to a type confusion in V8. A remote attacker could exploit heap corruption via a crafted HTML page.

Note: The Stable channel has been updated to 120.0.6099.234 for Mac devices.

Upgrade electron to version 26.6.6, 27.2.3, 28.1.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the WebGPU process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 26.6.5, 27.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ANGLE component.

Upgrade electron to version 26.6.5, 27.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the ANGLE component. An attacker can potentially exploit heap corruption by convincing a user to visit a crafted HTML page.

Upgrade electron to version 26.6.5, 27.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the WebAudio component. An attacker can potentially exploit heap corruption by convincing a user to visit a crafted HTML page.

Upgrade electron to version 26.6.5, 27.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the WebRTC framework, used to provide Real-Time Communications (RTC) capabilities via JavaScript APIs.

Upgrade electron to version 26.6.3, 27.2.0, 28.1.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Media Stream process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

Upgrade electron to version 26.6.3, 27.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled.

An attacker can edit files inside the .app bundle on macOS, which these fuses are supposed to protect against, by gaining write access to the filesystem from which the app is launched.

Note

This is only exploitable if your app is launched from a filesystem the attacker has write access to and is specific to macOS, as these fuses are only supported on macOS.

Upgrade electron to version 22.3.24, 24.8.3, 25.8.1, 26.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the USB component.

Upgrade electron to version 25.9.4, 26.5.0, 27.0.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation in the USB component.

Upgrade electron to version 25.9.4, 26.5.0, 27.0.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control via nested unserializable return value when using contextIsolation and contextBridge are affected. Exploiting this vulnerability allows code running in the main world context in the renderer to reach into the isolated Electron context and perform privileged actions.

Note

This issue is exploitable under either of two conditions:

1. If an API exposed to the main world via contextBridge can return an object or array that contains a JS object that cannot be serialized, such as a canvas rendering context. This would normally result in an Error: object could not be cloned exception being thrown.

2. If an API exposed to the main world via contextBridge has a return value that throws a user-generated exception while being sent over the bridge, such as a dynamic getter property on an object that throws an error when being computed.

Upgrade electron to version 23.2.3, 25.0.0-alpha.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds when the V8 engine processes a carefully crafted HTML page. An attacker can perform an out of bounds memory read, thereby potentially gaining unauthorized access to sensitive information.

Upgrade electron to version 22.3.23, 24.8.2, 25.8.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 22.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Metrics by allowing a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 21.4.4, 22.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebRTC, causing heap corruption.

Upgrade electron to version 20.3.12, 21.4.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Network Service via a crafted HTML page and specific interactions.

Upgrade electron to version 20.3.10, 21.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Mojo, via heap corruption.

Upgrade electron to version 20.3.9, 21.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebCodecs, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 19.1.7, 20.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Crashpad in Google Chrome on Android, which allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Upgrade electron to version 19.1.7, 20.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to type confusion in V8, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 19.1.7, 20.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in V8, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 19.1.7, 20.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Web Workers, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 19.1.7, 20.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure in that it reveals hashed credentials when the target of a redirect is an SMB URL, such as one using the file:// scheme.

NOTE: This vulnerability is only exploitable on Windows.

Upgrade electron to version 18.3.7, 19.0.11, 20.0.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Layout.

Upgrade electron to version 19.1.5, 20.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation in file system.

Upgrade electron to version 19.1.5, 21.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 19.1.5, 20.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Frames, via a crafted HTML page.

Upgrade electron to version 18.3.14, 19.1.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in regular expressions (V8).

Upgrade electron to version 15.5.3, 16.2.4, 17.4.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Network Service

Upgrade electron to version 20.1.2, 19.1.0, 18.3.12 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Layout.

Upgrade electron to version 19.1.0, 18.3.14 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebSQL.

Upgrade electron to version 18.3.12, 19.0.16, 20.1.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebSQL

Upgrade electron to version 18.3.14, 20.1.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient validation of untrusted input in V8.

Upgrade electron to version 18.3.14 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in SwiftShader.

Upgrade electron to version 19.0.15 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Blink, when a DisplayLock is unlocked via ForceUnlockIfNeeded.

Upgrade electron to version 18.3.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Authentication by allowing the creation of cookies that have an empty name field and whose value impersonates a cookie name prefix.

Note:

Upgrading to the fixed version will delete any previously stored cookies that meet the conditions by causing them to fail their IsCanonical() check.

Upgrade electron to version 18.3.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free when glBufferData redefines a buffer and the new buffer is smaller than the old buffer.

Upgrade electron to version 18.3.11, 19.0.15 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access Control Bypass due to insufficient policy enforcement in Cookies.

Upgrade electron to version 18.3.9, 19.0.12 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Buffer Overflow when changing the PDF layout confuses AddFindResult() and causes it to fail a DCHECK()

Upgrade electron to version 18.3.8, 19.0.13 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation. in Internals, due to not treating % as a special character in pathname resolution.

NOTE: This vulnerability is only exploitable when running on Windows.

Upgrade electron to version 18.3.8, 19.0.13 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure in Background Fetch, by exposing URLs during cross-origin redirects.

Upgrade electron to version 18.3.9, 19.0.12 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Denial of Service (DoS) in PDF in Google Chrome, a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 17.4.11, 18.3.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 17.4.11, 18.3.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the WebRTC component.

Upgrade electron to version 17.4.11, 18.3.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in File System API.

Upgrade electron to version 16.2.6, 17.4.3, 18.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Protection Mechanism Failure in File System API.

Upgrade electron to version 17.4.9, 18.3.6, 19.0.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Angle.

Upgrade electron to version 17.4.8, 18.3.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere which allows a renderer with JS execution to obtain access to a new renderer process even without nodeIntegrationInSubFrames being enabled, that allows effective access to ipcRenderer.

Upgrade electron to version 15.5.6, 16.2.6, 17.2.0, 18.0.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation which allows attackers who have control over a given app's update server or update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Upgrade electron to version 15.5.0, 16.2.0, 17.2.0, 18.0.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation in Data Transfer, because the sanitization code only does one round of parsing and serializing.

Upgrade electron to version 17.4.8, 18.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in V8 Internationalization.

Upgrade electron to version 15.5.6, 16.2.7, 17.4.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free due to improper cache state validation after the XFB buffer was deleted.

Upgrade electron to version 15.5.6, 16.2.7, 17.4.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in the BFCache, due to the attempts to cache an interstitial which results in a crash.

Upgrade electron to version 16.2.4, 17.4.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Vulkan.

Upgrade electron to version 15.5.6, 16.2.6, 17.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate implementation in Input.

Upgrade electron to version 15.5.5, 16.2.6, 17.4.4, 18.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation in Blink Editing.

Upgrade electron to version 15.5.4, 16.2.6, 17.4.3, 18.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Angle, when pausing XFB then deleting a buffer.

Upgrade electron to version 15.5.4, 16.2.6, 17.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 15.5.3, 16.2.3, 17.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 15.5.3, 16.2.4, 17.4.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper implementation in Compositing.

Upgrade electron to version 15.5.3, 16.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in WebGPU.

Upgrade electron to version 16.2.5, 17.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate implementation in WebGL.

Upgrade electron to version 16.2.5, 17.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in SwiftShader.

Upgrade electron to version 15.5.4, 16.2.5, 17.4.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate implementation in Web Cursor.

Upgrade electron to version 15.5.4, 16.2.3, 17.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8 Turbofan, exploiting this vulnerability is possible via a crafted HTML page.

Upgrade electron to version 15.5.3, 16.2.4, 17.4.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure where ImageBitmaps that is created by webGL contexts will fail to render.

Upgrade electron to version 14.2.8, 15.4.2, 16.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion due to mishandling of interceptors which can lead to out-of-bounds memory access.

Upgrade electron to version 15.5.0, 16.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via Angle, where base level changes may not update FBO completeness check.

Upgrade electron to version 16.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control via the web Bluetooth API, if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

Upgrade electron to version 13.6.6, 14.2.4, 15.3.5, 16.0.6, 17.0.0-alpha.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free on context loss.

Upgrade electron to version 14.2.7, 15.4.0, 16.0.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions which returns an invalid handle after ReportBadMessage

Upgrade electron to version 14.2.7, 15.4.0, 16.0.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to handle reuse in Mojo.

Upgrade electron to version 14.2.7, 15.4.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free when the source framebuffer's extents were accidentally used instead of the blit area extents.

Upgrade electron to version 14.2.7, 15.4.0, 16.0.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Animation component in Chromium.

Upgrade electron to version 16.0.10, 17.1.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation via Mojo. If the endpoint's task runner does not match the current task runner (or an equivalent main-thread task runner for the ChannelProxy) when executing a message dispatch task for that endpoint, it dispatches it on the wrong sequence.

Upgrade electron to version 13.6.8, 14.2.4, 15.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Control of a Resource Through its Lifetime in the FramebufferAttachment::mRenderToTextureSamples method in Angle. It was never updated if the renderbuffer storage was changed after attaching to framebuffer.

Upgrade electron to version 13.6.8, 14.2.4, 15.3.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Interger Underflow in ANGLE. A remote attacker could potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 14.2.5, 15.3.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in media in Google Chrome which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 15.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in V8.

Upgrade electron to version 13.6.6, 14.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in loader in Google Chrome. This can lead to heap corruption which is exploited through a crafted HTML page.

Upgrade electron to version 13.6.6, 14.2.4, 15.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8 in Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.6.8, 14.2.5, 15.3.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via file API in Google Chrome prior to 96.0.4664.93. It allows a remote attacker who have compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.6.6, 14.2.4, 15.3.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.6.3, 14.2.2, 15.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate Implementation via cache in Google Chrome. This allows a remote attacker to leak cross-origin data via a crafted HTML page.

Upgrade electron to version 13.6.6, 14.2.2, 15.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate Implementation via service workers in Google Chrome. This allows a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Upgrade electron to version 14.2.2, 15.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in loader in Google Chrome. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.6.3, 14.2.2, 15.3.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Domain Spoofing via a crafted HTML page as a result of inappropriate implementation in navigation in Google Chrome.

Upgrade electron to version 16.0.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in the storage foundation, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page

Upgrade electron to version 16.0.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Web Transport module in Chromium.

Upgrade electron to version 14.2.1, 13.6.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Garbage Collection module in Chromium.

Upgrade electron to version 14.2.1, 13.6.2, 12.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion via the V8 module in Chromium.

Upgrade electron to version 14.2.1, 13.6.2, 12.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the WebRTC module in Chromium.

Upgrade electron to version 14.2.0, 13.5.2, 12.2.3 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure via the core module in Chromium.

Upgrade electron to version 14.2.0, 13.5.2, 12.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the Blink module in Chromium.

Upgrade electron to version 14.2.0, 13.5.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via heap corruption through a crafted HTML page.

Upgrade electron to version 14.1.1, 13.5.2, 12.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in the file system API, through a heap corruption via a crafted HTML page.

Upgrade electron to version 14.1.1, 13.5.2, 12.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere. Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Upgrade electron to version 14.1.1, 13.5.2, 12.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control. Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Upgrade electron to version 14.1.1, 13.5.2, 12.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Sandbox Bypass via chromium, due to a child process's delayed integrity level not being set correctly.

Upgrade electron to version 12.2.2, 13.5.2, 14.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation. It is possible to kill a renderer if it provides an unexpected FrameOwnerElementType.

Upgrade electron to version 13.5.1, 12.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Indexed DB API.

Upgrade electron to version 13.5.0, 12.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Buffer Overflow in ANGLE.

Upgrade electron to version 13.5.0, 12.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds in ANGLE.

Upgrade electron to version 13.5.0, 12.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access Restriction Bypass in Blink.

Upgrade electron to version 13.5.0, 12.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion via Blink layout in Chrome.

Upgrade electron to version 13.5.0, 12.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds. An out of bounds write issue exists in engine.

Upgrade electron to version 13.5.0, 12.1.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in WebGL via Chrome. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.1.8, 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebSerial via Chrome.

Upgrade electron to version 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Autofill.

Upgrade electron to version 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in GPU.

Upgrade electron to version 13.1.8, 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Blink XSLT.

Upgrade electron to version 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in V8 via Chrome.

Upgrade electron to version 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via sqlite. This can allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 13.1.8, 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8 via Chrome.

Upgrade electron to version 12.0.16, 11.4.11 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebRTC.

Upgrade electron to version 12.0.14, 11.4.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebAudio.

Upgrade electron to version 12.0.14, 11.4.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write via ANGLE in Chrome.

Upgrade electron to version 12.0.13, 11.4.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion'). Type confusion in V8 in Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.12, 11.4.9 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in BFCache in Google Chrome, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.13, 11.4.9 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. Use after free in Loader in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.12, 11.4.9 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Network service.

Upgrade electron to version 12.0.13, 11.4.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebGL.

Upgrade electron to version 12.0.13, 11.4.10 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Media Feeds.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Race Condition in Aura.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Notifications.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in File API.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in History.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Reader Mode.

Upgrade electron to version 12.0.10, 11.4.8, 10.4.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out Of Bounds Read. Blit11 would clip the destination rectangle with the destination size but ignore the result. gl::ClipRectangle returns false when the rectangles do not intersect at all, indicating the blit can be skipped.

Upgrade electron to version 10.4.4, 11.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation due to insufficient data validation that exists in V8.

Upgrade electron to version 10.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the Mojo component of chromium.

Upgrade electron to version 10.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Navigation component of chromium.

Upgrade electron to version 10.4.4, 11.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Integer Overflow via Chromium in Mojo.

Upgrade electron to version 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow via V8.

Upgrade electron to version 10.4.4, 11.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read via the IPC in chromium.

Upgrade electron to version 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in the chromium extensions resource.

Upgrade electron to version 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via a vulnerability that exists in Blink in Chromium. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Upgrade electron to version 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds via the V8 component in Chrome.

Upgrade electron to version 11.4.4, 10.4.4, 12.0.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via chromium which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.5, 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via Aura in Google Chrome which allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.5, 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via Chrome which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 12.0.5, 11.4.4, 10.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 10.4.2, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation. It allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Upgrade electron to version 10.4.2, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds. Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. This vulnerability relates to an electron component.

Upgrade electron to version 10.4.2, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access Restriction Bypass. Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. This vulnerability relates to an electron component.

Upgrade electron to version 10.4.3, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write via a data race in the audio component. A remote attacker could potentially exploit heap corruption using a crafted HTML page.

Upgrade electron to version 10.4.1, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Insecure Defaults. Insufficient policy enforcement in the File System API of chromium allows a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Upgrade electron to version 10.4.1, 11.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. When a LayoutInline is removed, LineBoxList::DirtyLinesFromChangedChild tries to mark affected RootInlineBox dirty.

When the |LayoutInline| to be removed is culled, it tries to find the RootInlineBox from its previous siblings, then look for its previous and next RootInlineBoxes.

Occasionally, the next next line of the previous sibling is wrapped at the LayoutInline, and that its LineBreakObj() holds the reference to the LayoutInline. This patch marks such RootInlineBox dirty.

Upgrade electron to version 11.4.0, 10.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap Buffer Overflow via WebAudio.

Upgrade electron to version 11.4.0, 10.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure. The is a side-channel information leakage in autofill.

Upgrade electron to version 11.4.0, 10.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebRTC.

Upgrade electron to version 11.4.0, 10.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-Bounds. Object lifecycle issue in audio.

Upgrade electron to version 11.4.0, 10.4.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via handling of cookies.

Upgrade electron to version 9.4.2, 10.3.1, 11.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Insufficient Validation via an unknown issue in chromium.

Upgrade electron to version 9.4.2, 10.3.1, 11.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Blink component in chromium.

Upgrade electron to version 9.4.2, 10.3.1, 11.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure. IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

Upgrade electron to version 9.4.0, 10.2.0, 11.1.0, 12.0.0-beta.9 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation via the File System API.

Upgrade electron to version 11.2.1, 9.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. It hands sub-queries with both a correlated WHERE clause and a HAVING 0 clause where the parent query is itself an aggregate.

Upgrade electron to version 11.2.1, 9.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in Media.

Upgrade electron to version 11.2.1, 9.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. An unknown vunerability exists in Chrome.

Upgrade electron to version 9.4.1, 10.3.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read. An unknown vunerability exists in Chrome which affects electron.

Upgrade electron to version 9.4.1, 10.3.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure. When a BigInt is right-shifted the backing store is not properly cleared, allowing uninitialized memory to be read.

Upgrade electron to version 9.4.1, 10.3.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. Since JavaScript may detach the underlying buffers, they need to be checked to ensure they're still valid before using them for decoding.

Upgrade electron to version 10.2.0, 9.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Insufficient Validation in V8.

Upgrade electron to version 9.4.0, 10.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Validation. The value of a node was accessed without prior HasValue check. With WebAssembly this node is not guaranteed to be a value.

Upgrade electron to version 10.1.6, 9.4.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the site isolation.

Upgrade electron to version 8.5.4, 9.3.5, 10.1.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control. An insufficient policy enforcement flaw was found in the networking component of chromium.

Upgrade electron to version 9.4.0, 10.1.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation. An insufficient data validation flaw was found in the WASM component of the Chromium browser.

Upgrade electron to version 9.4.0, 10.1.7 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. A heap buffer overflow flaw was found in the UI component of the Chromium browser.

Upgrade electron to version 9.4.0, 10.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. A use after free flaw was found in the PPAPI component of the Chromium browser.

Upgrade electron to version 9.4.0, 10.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Freetype.

Upgrade electron to version 8.5.3, 9.3.3, 10.1.5 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Upgrade electron to version 7.2.4, 8.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Privilege Escalation. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

##Note: Only apps using contextIsolation are affected.

Upgrade electron to version 7.2.4, 8.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Privilege Escalation. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

##Note: Only apps using both contextIsolation and contextBridge are affected.

Upgrade electron to version 7.2.4, 8.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Privilege Escalation. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

##Note: Only apps using contextIsolation are affected.

Upgrade electron to version 6.1.11, 7.2.4, 8.2.4 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free in WebRTC.

Upgrade electron to version 8.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in V8.

Upgrade electron to version 7.3.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. It allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Buffer Underflow. Since there may be multiple instance of DWriteFontProxyImpl instantiated for multiple RenderProcessHosts, and DWriteFontProxyImpl::GetUniqueNameLookupTable may access DWriteFontLookupTableBuilder::QueueShareMemoryRegionWhenReady from separate threads, there may be race conditions around the pending_callbacks_ member of DWriteFontLookupTableBuilder.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. FileChooserImpl can outlive ListenerProxy leading to a crash.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. An AudioContext is considered to have activity if it's not closed. Previously, suspended contexts were considered has having no activity, but that's not quite true since the context can be resumed at any time after. This would allow contexts to be collected prematurely even though the context was resumed. This causes the audio thread to access objects that are possibly deleted.

Upgrade electron to version 6.1.10, 7.2.2, 8.0.0-beta.6 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. The rendering_orphan_handlers_ and deletable_orphan_handlers_ handlers can hold references to the context after BaseAudioContext is destroyed.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. Initialize() could potentially run twice in MojoVideoEncodeAcceleratorService.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Site Isolation Bypass. parent_execution_origin_ is provided from parent's RenderFrameHostImpl::last_committed_origin_ that is set during navigation commit. Worker creation IPC from the renderer to browser could race with navigation commit, and could see the wrong last committed origin.

Upgrade electron to version 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the audio component. It allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control. It has an inappropriate implementation in V8.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the audio component.

Upgrade electron to version 8.2.1, 7.2.2 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap Overflow. A Heap buffer overflow exists in the media component of Google Chrome, which also affects chromium.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free. Multiple user after free vulnerabilities exists in the WebAudio component of chromium.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters, however there is a difference in how these functions handle parameter bounds. The function sctp_arethere_unrecognized_parameters does not process a parameter that is partially outside of the limit of the chunk, meanwhile, sctp_load_addresses_from_init will continue processing until a parameter that is entirely outside of the chunk occurs.

This means that the last parameter of a chunk is not always verified, which can lead to parameters with very short plen values being processed by sctp_load_addresses_from_init. This can lead to out-of-bounds reads whenever the plen is subtracted from the header len.

Upgrade electron to version 6.1.10, 7.2.2, 8.2.0 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Arbitrary Code Execution due to Node being enabled in a webview because the default values of nodeIntegration and webviewTag were set to true when they where undefined by a user. The fix allows users to prevent Node and webview being enabled, when undefined, by setting the default values of nodeIntegration and webviewTag to false.

Upgrade electron to version 5.0.0-beta.1 or higher.

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Opening a BrowserView with sandbox: true or nativeWindowOpen: true and nodeIntegration: false results in a webContents where window.open() can be called and the newly opened child will have nodeIntegration enabled.

Upgrade electron to version 2.0.17, 3.0.15, 3.1.3, 4.0.4, 5.0.0-beta.2 or higher.

If for some reason you are unable to upgrade your Electron version, you can mitigate this issue by disabling all child web contents: view.webContents.on('-add-new-contents', e => e.preventDefault());

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Chromium FileReader.

Note: This vulnerability affects all software based on Chromium, including Electron.

Upgrade electron to version 2.0.18, 3.0.16, 3.1.6, 4.0.8 or higher.