25 matches found
CVE-2026-34780
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
Electron 安全漏洞
Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Vulnerabilities exist in...
Insecure Default Initialization of Resource
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the transfer of VideoFrame objects via contextBridge. An attacker can gain...
GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...
EUVD-2026-18961
Electron: Context Isolation bypass via contextBridge VideoFrame transfer...
PT-2026-30010
Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...
EUVD-2023-25361
Malicious code in bioql PyPI...
(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...
Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the VideoFram...
CVE-2023-21193
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499...
Integer overflow
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499...
Google Pixel 输入验证错误漏洞
Google Pixel is a smartphone from Google USA. Google Pixel suffers from a security vulnerability that originates in VideoFrame.h in VideoFrame due to an integer overflow, which could lead to remote information disclosure...
CVE-2023-21193
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499...
PT-2023-17981 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to an integer overflow in VideoFrame of VideoFrame.h, which could lead to remote information disclosure without requiring additional execution privileges. User interaction is not...
CVE-2023-21193
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499...
CVE-2023-21193
CVE-2023-21193 is a vulnerability in Android 13 where the VideoFrame component in VideoFrame.h can abort due to an integer overflow, potentially enabling remote information disclosure without user interaction. The CVE is listed in multiple sources (NVD, Red Hat, PRION, OSV) with the same basic de...
PUB-A-233006499
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...