22 matches found
Use After Free
Electron is vulnerable to Use After Free. The vulnerability is due to improper handling of child windows in offscreen rendering mode after the parent WebContents is destroyed, which allows an attacker to trigger memory corruption or application crashes through crafted child window interactions...
CVE-2026-34764
A flaw was found in Electron, a framework for building desktop applications. This vulnerability, a use-after-free, affects applications that utilize offscreen rendering with GPU shared textures. Under specific conditions, a callback function can attempt to access memory that has already been...
CVE-2026-34764
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
CVE-2026-34774
A flaw was found in Electron. This use-after-free vulnerability occurs in applications that utilize offscreen rendering and permit child windows. When the parent offscreen WebContents is destroyed while a child window remains active, subsequent rendering attempts on the child can access freed...
CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
EUVD-2026-19352
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...
CVE-2026-34764
The CVE-2026-34764 issue affects Electron apps that use offscreen rendering with GPU shared textures (webPreferences.offscreen: { useSharedTexture: true }). The root cause is a use-after-free where the release() callback for a paint-event texture can outlive its backing native state, causing a de...
CVE-2026-34774
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774
Electron is affected when apps use offscreen rendering (webPreferences.offscreen: true) and allow child windows via window.open(). In such cases, if the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child can dereference freed memory, ...
Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
Use After Free
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the release callback of the paint event, when offscreen rendering with GPU shared textures is enabled. An...
GHSA-8X5Q-PVF5-64MP Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
GHSA-532V-XPQ5-8H95 Electron: Use-after-free in offscreen child window paint callback
Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...
Electron: Use-after-free in offscreen child window paint callback
Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...
Use After Free
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the offscreen rendering process when a parent WebContents is destroyed while a child wind...
Use After Free
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the offscreen rendering process when a parent WebContents is destroyed while a child window remains open...