CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...

CVE-2026-34780

Electron context isolation bypass via contextBridge VideoFrame transfer affects versions 39.0.0-alpha.1–39.7.x, 40.0.0-alpha.1–40.6.x, and 41.0.0-alpha.1–41.0.0-beta.7 (inclusive) where passing VideoFrame objects across the contextBridge can let a main-world attacker access the isolated world and...

EUVD-2020-1409

Malware in sbrugna...

EUVD-2020-0558

Malware in sbrugna...

CVE-2023-29198

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

CVE-2020-15096

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. Ther...

CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

CVE-2020-15215

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass,...

GHSA-56PC-6JQP-XQJ8 Context isolation bypass in Electron

Impact Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context an...

CVE-2020-15096

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. Ther...

CVE-2020-15096

CVE-2020-15096 affects Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. A context isolation bypass allows code running in the renderer’s main world context to reach into the isolated Electron context and perform privileged actions. The issue impacts apps that enable contextIsolatio...

CVE-2020-4076 Context isolation bypass via leaked cross-context objects in Electron

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions...

CVE-2020-4077 Context isolation bypass via contextBridge in Electron

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both contextIsolation and contextBridge are affected. Thi...

CVE-2020-4077

In Electron, a context isolation bypass affects versions prior to 7.2.4, 8.2.4, and 9.0.0-beta21 where code in the main world of a renderer can access the isolated Electron context when both contextIsolation and contextBridge are used. The issue is fixed in 7.2.4, 8.2.4, and 9.0.0-beta.21. Mitiga...

GHSA-H9JC-284H-533G Context isolation bypass via contextBridge in Electron

Impact Apps using both contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workaround...