electronjs.org-new/blog/chromium-rce-vulnerability.md

---
title: Chromium RCE Vulnerability Fix
date: 2017-09-27T00:00:00.000Z
authors: zeke
slug: chromium-rce-vulnerability
tags: [security]
---

A remote code execution vulnerability has been discovered in Google Chromium
that affects all recent versions of Electron. Any Electron app that accesses
remote content is vulnerable to this exploit, regardless of whether the
[sandbox option] is enabled.

We've published two new versions of electron `1.7.8` and `1.6.14`,
both of which include a fix for this vulnerability. We urge all Electron
developers to update their apps to the latest stable version immediately:

```sh
npm i electron@latest --save-dev
```

To learn more about best practices for keeping your Electron apps secure,
see our [security tutorial].

Please contact security@electronjs.org if you wish to report a vulnerability in
Electron.

[sandbox option]: https://electronjs.org/docs/api/sandbox-option
[security tutorial]: https://electronjs.org/docs/tutorial/security
feat: activate blog plugin Activate Docusaurus' blog plugin and make the previous posts available in the new site. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Fix #71 2021-07-20 23:16:19 +03:00			`---`
			`title: Chromium RCE Vulnerability Fix`
			`date: 2017-09-27T00:00:00.000Z`
chore: add blog global authors (#579) 2024-06-19 21:52:57 +03:00			`authors: zeke`
feat: activate blog plugin Activate Docusaurus' blog plugin and make the previous posts available in the new site. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Fix #71 2021-07-20 23:16:19 +03:00			`slug: chromium-rce-vulnerability`
feat: add tags to blog posts (#576) 2024-06-18 22:57:44 +03:00			`tags: [security]`
feat: activate blog plugin Activate Docusaurus' blog plugin and make the previous posts available in the new site. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Fix #71 2021-07-20 23:16:19 +03:00			`---`
chore: proper prettier config (#385) 2023-03-16 02:03:25 +03:00
feat: activate blog plugin Activate Docusaurus' blog plugin and make the previous posts available in the new site. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Fix #71 2021-07-20 23:16:19 +03:00			`A remote code execution vulnerability has been discovered in Google Chromium`
			`that affects all recent versions of Electron. Any Electron app that accesses`
			`remote content is vulnerable to this exploit, regardless of whether the`
			`[sandbox option] is enabled.`

			We've published two new versions of electron `1.7.8` and `1.6.14`,
			`both of which include a fix for this vulnerability. We urge all Electron`
			`developers to update their apps to the latest stable version immediately:`

			```sh
			`npm i electron@latest --save-dev`
			```

			`To learn more about best practices for keeping your Electron apps secure,`
			`see our [security tutorial].`

			`Please contact security@electronjs.org if you wish to report a vulnerability in`
			`Electron.`

			`[sandbox option]: https://electronjs.org/docs/api/sandbox-option`
			`[security tutorial]: https://electronjs.org/docs/tutorial/security`