CVE-2020-4077 Context isolation bypass via contextBridge in Electron

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both contextIsolation and contextBridge are affected. Thi...

GHSA-H9JC-284H-533G Context isolation bypass via contextBridge in Electron

Impact Apps using both contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workaround...

Context isolation bypass via contextBridge in Electron

Impact Apps using both contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workaround...

OpenJS Electron Security Bypass Vulnerability

OpenJS Electron is the OpenJS Foundation of an open source framework for desktop GUI application development . A security vulnerability exists in the contextIsolation module and contextBridge module in OpenJS Electron versions prior to 7.2.4, 8.2.4, and 9.0.0-beta21. An attacker can exploit the...