CVE-2026-34765 Electron named window.open targets not scoped to the opener's browsing context

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...