EUVD-2021-12302

Malware in sbrugna...

CVE-2022-21718

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...

Internet Bug Bounty: Renderers can obtain access to random bluetooth device without permission

With the default configuration in Electron, renderer processes which should not have access to system resources by default can gain read/write access to a nearby bluetooth device. To reproduce: Run the electron-quick-start app with a vulnerable version of Electron:...