4 matches found
CVE-2026-34769
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
CVE-2026-34769
CVE-2026-34769 (Electron) affects Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. When apps construct webPreferences from external or untrusted i...
Google Chrome 1.0.154.46 (ChromeHTML://) Parameter Injection PoC
Exploit for unknown platform in category remote exploits ================================================================ Google Chrome 1.0.154.46 ChromeHTML:// Parameter Injection PoC ================================================================ Try this:...
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection
Try this: chromehtml:"%20--renderer-path="calc"%20--no-sandbox Disabling sandbox does matter : Tested with Google Chrome Chrome 1.0.154.46 on Win XP/Vista and IE6/IE7 and it works ... Full PoC: Chrome URI Handler Remote Command Execution PoC This is a test milw0rm.com 2009-01-30...