24 matches found
CVE-2026-34780
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects from the WebCodecs API across the...
Electron 安全漏洞
Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Vulnerabilities exist in...
Insecure Default Initialization of Resource
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the transfer of VideoFrame objects via contextBridge. An attacker can gain...
GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...
EUVD-2026-18961
Electron: Context Isolation bypass via contextBridge VideoFrame transfer...
PT-2026-30010
Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...
EUVD-2020-0558
Malware in sbrugna...
CVE-2023-29198
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
Improper Check For Unusual Or Exceptional Conditions
Electron is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is caused by not implementing error handling correctly in case of an API exposed to the main world via contextBridge returning an object or array that contains a JS object which cannot be serialized...
CVE-2023-29198
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
Design/Logic Flaw
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
CVE-2023-29198
CVE-2023-29198 affects Electron apps that use contextIsolation with contextBridge. The vulnerability is a context isolation bypass that occurs when a main-world exposed API returns an unserializable object (e.g., a canvas rendering context), allowing access from the renderer to the isolated Elect...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
Electron context isolation bypass via nested unserializable return value
Impact Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds This issue is exploitable under eithe...
Internet Bug Bounty: Context isolation bypass via nested unserializable return value
A vulnerability was discovered in Electron that allowed for a bypass of context isolation. This meant that code running in the main world context in the renderer could access the isolated Electron context and perform privileged actions. The vulnerability was fixed in versions 25.0.0-alpha.2,...