electron 32.1.2 vulnerabilities

Known vulnerabilities in the electron package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Function Call with Incorrectly Specified Arguments electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Function Call with Incorrectly Specified Arguments via an incorrect handle provided in unspecified circumstances in Mojo. An attacker can reflect a broker-initiated transport back to a broker, which ultimately allows for handle leaks if the reflected transport is later used to deserialize another transport containing handles. How to fix Function Call with Incorrectly Specified Arguments? Upgrade `electron` to version 36.3.0 or higher.	<36.3.0
M Information Exposure electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Information Exposure via the `Loader` component. An attacker can leak sensitive cross-origin data by crafting a malicious HTML page. How to fix Information Exposure? Upgrade `electron` to version 36.3.0 or higher.	<36.3.0
M Improper Isolation or Compartmentalization electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code execution on its own, but is presumed chainable with another vulnerability to achieve code execution and has been observed in the wild. Note: This vulnerability is only exploitable on Windows. How to fix Improper Isolation or Compartmentalization? Upgrade `electron` to version 33.4.8, 34.4.1, 35.1.2 or higher.	<33.4.8>=34.0.0-alpha.1 <34.4.1>=35.0.0-alpha.1 <35.1.2
H Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in v8. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 33.4.6, 34.3.4 or higher.	<33.4.6>=34.0.0 <34.3.4
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the V8 engine. How to fix Use After Free? Upgrade `electron` to version 32.3.3, 33.4.3 or higher.	<32.3.3>=33.0.0-alpha.1 <33.4.3
M Heap-based Buffer Overflow electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters. How to fix Heap-based Buffer Overflow? Upgrade `electron` to version 32.3.2, 33.4.2 or higher.	<32.3.2>=33.0.0-alpha.1 <33.4.2
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the `V8` engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page. How to fix Use After Free? Upgrade `electron` to version 33.4.3 or higher.	<33.4.3
H Out-of-bounds Write electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write through crafted HTML pages. An attacker can exploit heap corruption by sending a specially crafted HTML page to the victim. How to fix Out-of-bounds Write? Upgrade `electron` to version 32.3.2, 33.4.2 or higher.	<32.3.2>=33.0.0-alpha.1 <33.4.2
H Out-of-bounds Write electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending a specially crafted HTML page to the victim. How to fix Out-of-bounds Write? Upgrade `electron` to version 32.3.2, 33.4.2 or higher.	<32.3.2>=33.0.0-alpha.1 <33.4.2
H External Control of Assumed-Immutable Web Parameter electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to an integer overflow in the `Skia` component. How to fix External Control of Assumed-Immutable Web Parameter? Upgrade `electron` to version 32.3.0, 33.3.2 or higher.	>=32.0.0 <32.3.0>=33.0.0 <33.3.2
H Out-of-bounds Read electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Read through the `Metrics` process. How to fix Out-of-bounds Read? Upgrade `electron` to version 32.3.0, 33.3.2 or higher.	>=32.0.0 <32.3.0>=33.0.0 <33.3.2
C Out-of-bounds Write electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write in V8. How to fix Out-of-bounds Write? Upgrade `electron` to version 32.3.0, 33.3.2 or higher.	>=32.0.0 <32.3.0>=33.0.0 <33.3.2
H Out-of-bounds Write electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write through a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting malicious HTML content. How to fix Out-of-bounds Write? Upgrade `electron` to version 32.3.0 or higher.	<32.3.0
M Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit object corruption by manipulating the HTML content. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 31.7.7, 32.2.8 or higher.	>=31.0.0 <31.7.7>=32.0.0 <32.2.8
M Access Restriction Bypass electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access Restriction Bypass due to an inappropriate implementation in the `Extensions` feature. An attacker can bypass site isolation. How to fix Access Restriction Bypass? Upgrade `electron` to version 31.7.5, 32.2.5, 33.2.1 or higher.	<31.7.5>=32.0.0-alpha.1 <32.2.5>=33.0.0 <33.2.1
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via the `Serial` process. An attacker can potentially exploit heap corruption. How to fix Use After Free? Upgrade `electron` to version 31.7.5, 32.2.5 or higher.	<31.7.5>=32.0.0-alpha.1 <32.2.5
M Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 32.2.3 or higher.	<32.2.3
H Improper Access Control electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Access Control due to an inappropriate implementation in Extensions. An attacker can bypass site isolation. How to fix Improper Access Control? Upgrade `electron` to version 31.7.4, 32.2.3 or higher.	<31.7.4>=32.0.0 <32.2.3
M Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 31.7.4, 32.2.3 or higher.	<31.7.4>=32.0.0 <32.2.3
H Out-of-bounds Write electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Write in Dawn. How to fix Out-of-bounds Write? Upgrade `electron` to version 31.7.4, 32.2.3 or higher.	<31.7.4>=32.0.0 <32.2.3
H Type Confusion electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Type Confusion in v8 engine. How to fix Type Confusion? Upgrade `electron` to version 32.3.0 or higher.	<32.3.0

Vulnerability

Vulnerable Version

Function Call with Incorrectly Specified Arguments

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Function Call with Incorrectly Specified Arguments via an incorrect handle provided in unspecified circumstances in Mojo. An attacker can reflect a broker-initiated transport back to a broker, which ultimately allows for handle leaks if the reflected transport is later used to deserialize another transport containing handles.

How to fix Function Call with Incorrectly Specified Arguments?

Upgrade electron to version 36.3.0 or higher.

<36.3.0

Information Exposure

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure via the Loader component. An attacker can leak sensitive cross-origin data by crafting a malicious HTML page.

How to fix Information Exposure?

Upgrade electron to version 36.3.0 or higher.

<36.3.0

Improper Isolation or Compartmentalization

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code execution on its own, but is presumed chainable with another vulnerability to achieve code execution and has been observed in the wild.

Note: This vulnerability is only exploitable on Windows.

How to fix Improper Isolation or Compartmentalization?

Upgrade electron to version 33.4.8, 34.4.1, 35.1.2 or higher.

<33.4.8>=34.0.0-alpha.1 <34.4.1>=35.0.0-alpha.1 <35.1.2

Access of Resource Using Incompatible Type ('Type Confusion')

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in v8.

How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

Upgrade electron to version 33.4.6, 34.3.4 or higher.

<33.4.6>=34.0.0 <34.3.4

Use After Free

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the V8 engine.

How to fix Use After Free?

Upgrade electron to version 32.3.3, 33.4.3 or higher.

<32.3.3>=33.0.0-alpha.1 <33.4.3

Heap-based Buffer Overflow

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters.

How to fix Heap-based Buffer Overflow?

Upgrade electron to version 32.3.2, 33.4.2 or higher.

<32.3.2>=33.0.0-alpha.1 <33.4.2

Use After Free

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free through the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

How to fix Use After Free?

Upgrade electron to version 33.4.3 or higher.

<33.4.3

Out-of-bounds Write

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write through crafted HTML pages. An attacker can exploit heap corruption by sending a specially crafted HTML page to the victim.

How to fix Out-of-bounds Write?

Upgrade electron to version 32.3.2, 33.4.2 or higher.

<32.3.2>=33.0.0-alpha.1 <33.4.2

Out-of-bounds Write

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending a specially crafted HTML page to the victim.

How to fix Out-of-bounds Write?

Upgrade electron to version 32.3.2, 33.4.2 or higher.

<32.3.2>=33.0.0-alpha.1 <33.4.2

External Control of Assumed-Immutable Web Parameter

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to an integer overflow in the Skia component.

How to fix External Control of Assumed-Immutable Web Parameter?

Upgrade electron to version 32.3.0, 33.3.2 or higher.

>=32.0.0 <32.3.0>=33.0.0 <33.3.2

Out-of-bounds Read

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Read through the Metrics process.

How to fix Out-of-bounds Read?

Upgrade electron to version 32.3.0, 33.3.2 or higher.

>=32.0.0 <32.3.0>=33.0.0 <33.3.2

Out-of-bounds Write

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write in V8.

How to fix Out-of-bounds Write?

Upgrade electron to version 32.3.0, 33.3.2 or higher.

>=32.0.0 <32.3.0>=33.0.0 <33.3.2

Out-of-bounds Write

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write through a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting malicious HTML content.

How to fix Out-of-bounds Write?

Upgrade electron to version 32.3.0 or higher.

<32.3.0

Access of Resource Using Incompatible Type ('Type Confusion')

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit object corruption by manipulating the HTML content.

How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

Upgrade electron to version 31.7.7, 32.2.8 or higher.

>=31.0.0 <31.7.7>=32.0.0 <32.2.8

Access Restriction Bypass

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access Restriction Bypass due to an inappropriate implementation in the Extensions feature. An attacker can bypass site isolation.

How to fix Access Restriction Bypass?

Upgrade electron to version 31.7.5, 32.2.5, 33.2.1 or higher.

<31.7.5>=32.0.0-alpha.1 <32.2.5>=33.0.0 <33.2.1

Use After Free

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Serial process. An attacker can potentially exploit heap corruption.

How to fix Use After Free?

Upgrade electron to version 31.7.5, 32.2.5 or higher.

<31.7.5>=32.0.0-alpha.1 <32.2.5

Access of Resource Using Incompatible Type ('Type Confusion')

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

Upgrade electron to version 32.2.3 or higher.

<32.2.3

Improper Access Control

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control due to an inappropriate implementation in Extensions. An attacker can bypass site isolation.

How to fix Improper Access Control?

Upgrade electron to version 31.7.4, 32.2.3 or higher.

<31.7.4>=32.0.0 <32.2.3

Access of Resource Using Incompatible Type ('Type Confusion')

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

Upgrade electron to version 31.7.4, 32.2.3 or higher.

<31.7.4>=32.0.0 <32.2.3

Out-of-bounds Write

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write in Dawn.

How to fix Out-of-bounds Write?

Upgrade electron to version 31.7.4, 32.2.3 or higher.

<31.7.4>=32.0.0 <32.2.3

Type Confusion

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Type Confusion in v8 engine.

How to fix Type Confusion?

Upgrade electron to version 32.3.0 or higher.

<32.3.0

electron@32.1.2 vulnerabilities

Build cross platform desktop apps with JavaScript, HTML, and CSS

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?