---
title: Chromium RCE Vulnerability Fix
date: 2017-09-27T00:00:00.000Z
authors: zeke
slug: chromium-rce-vulnerability
tags: [security]
---

A remote code execution vulnerability has been discovered in Google Chromium
that affects all recent versions of Electron. Any Electron app that accesses
remote content is vulnerable to this exploit, regardless of whether the
[sandbox option] is enabled.

We've published two new versions of Electron, `1.7.8` and `1.6.14`,
both of which include a fix for this vulnerability. We urge all Electron
developers to update their apps to the latest stable version immediately:

```sh
npm i electron@latest --save-dev
```
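
To confirm that an upgrade actually landed, the following check classifies installed Electron versions against the two patched releases named above. It is an added example, not part of the original post or of Electron's own code; the status names, the app names in the sample inventory, and the treatment of release lines after 1.7 as assumed to carry the fix are assumptions.

```javascript
// First patched patch number per release line, taken from this advisory.
const PATCHED = { '1.6': 14, '1.7': 8 };

// Parse "1.7.8", "v1.6.14" or "1.7.8-beta.1"; returns null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: Boolean(m[4]) };
}

// Status names are hypothetical labels chosen for this example:
//   patched         at or above the fixed release on the 1.6 or 1.7 line
//   needs-update    on the 1.6 or 1.7 line but below the fixed release
//   assumed-patched release line newer than 1.7 (assumption, not stated in the post)
//   no-fix-listed   release line older than 1.6; the post names no fixed release
//   invalid         not a parseable version string
function classify(version) {
  const p = parseVersion(version);
  if (!p) return 'invalid';
  const first = PATCHED[`${p.major}.${p.minor}`];
  if (first !== undefined) {
    // A prerelease of the fixed version sorts before it, so it is
    // conservatively treated as still needing the update.
    const fixed = p.patch > first || (p.patch === first && !p.prerelease);
    return fixed ? 'patched' : 'needs-update';
  }
  if (p.major > 1 || (p.major === 1 && p.minor > 7)) return 'assumed-patched';
  return 'no-fix-listed';
}

// Given { appName: installedElectronVersion }, list everything not confirmed patched.
function needsAttention(inventory) {
  return Object.entries(inventory)
    .map(([app, version]) => ({ app, version, status: classify(version) }))
    .filter((r) => r.status !== 'patched');
}

// Constructed sample inventory (app names and versions are made up).
const sampleInventory = {
  'chat-client': '1.7.8',
  'notes-app': '1.6.13',
  'dashboard': 'v1.7.5',
  'legacy-tool': '1.4.16',
  'updater': '1.6.14',
};

for (const r of needsAttention(sampleInventory)) {
  console.log(`${r.app}: electron ${r.version} -> ${r.status}`);
}
```

In a real project, the installed version can be read from `node_modules/electron/package.json` rather than from the range declared in the app's own `package.json`.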

To learn more about best practices for keeping your Electron apps secure,
see our [security tutorial].

Please contact security@electronjs.org if you wish to report a vulnerability in
Electron.

[sandbox option]: https://electronjs.org/docs/api/sandbox-option
[security tutorial]: https://electronjs.org/docs/tutorial/security