Intel/AIKIDO-2024-10033
electron
AIKIDO-2024-10033
electron is vulnerable to Out-of-bounds Read
Out-of-bounds ReadCVE-2024-3157 Published Apr 18, 2024
60
Medium Risk
This Affects:
electron27.0.0 - 27.3.10
Fixed in 27.3.1128.0.0 - 28.3.0
Fixed in 28.3.129.0.0 - 29.3.0
Fixed in 29.3.1Are you affected? Scan for Free
TL;DR
An out of bounds memory access vulnerability in the compositing feature of Google Chrome versions prior to 123.0.6312.122 allows a remote attacker, who has compromised the GPU process, to potentially escape the sandbox through specific UI gestures. (Chromium security severity: High)
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
electron is vulnerable to Out-of-bounds Read in versions 27.0.0 - 27.3.10, 28.0.0 - 28.3.0 and 29.0.0 - 29.3.0.
How to fix this
Upgrade the electron library to a patch version.
Links
GitHub Release
Other
chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.htmlhttps://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html
issues.chromium.org/issues/331237485https://issues.chromium.org/issues/331237485
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant