electron is vulnerable to Cross-site Scripting (XSS)
65
Medium Risk
An inappropriate implementation in Google Chrome Extensions, in versions prior to 131.0.6778.69, allows a remote attacker to bypass site isolation by leveraging a crafted Chrome extension. Site isolation is a security feature designed to separate web content from different domains into separate processes, limiting the impact of vulnerabilities and preventing cross-origin data leaks. By exploiting this flaw, an attacker can bypass these protections, potentially accessing or manipulating data from different origins. This vulnerability poses a significant risk as it undermines Chrome's built-in defenses against attacks like cross-site scripting (XSS) and cross-origin data theft. The issue has been classified with a MEDIUM severity rating by the Chromium security team.
You are affected if you are using a version that falls within the vulnerable range.
electron is vulnerable to Cross-site Scripting (XSS) in versions 31.0.0 - 31.7.4, 32.0.0 - 32.2.4 and 33.0.0 - 33.2.0.
Upgrade the electron library to a patched version.
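The following script is an added example, not code from the advisory or from the Electron project. It checks every resolved copy of electron in a `package-lock.json` against the affected ranges listed above. The function names, status labels and sample lockfile are constructed for illustration, and it assumes a lockfile with `lockfileVersion` 2 or 3.

```javascript
// Affected ranges copied from the advisory text; bounds are inclusive.
const AFFECTED_RANGES = [
  ["31.0.0", "31.7.4"],
  ["32.0.0", "32.2.4"],
  ["33.0.0", "33.2.0"],
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null for anything else.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(text).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], prerelease: Boolean(m[4]) } : null;
}

// Numeric comparison of two [major, minor, patch] triples.
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Status labels (hypothetical names chosen for this example):
//   "affected"   release version inside a listed range
//   "review"     prerelease whose core version is inside a listed range
//                (the advisory lists release versions only)
//   "not-listed" outside every listed range; "unparsed" not a plain version
function classifyElectronVersion(text) {
  const v = parseVersion(text);
  if (!v) return "unparsed";
  const inRange = AFFECTED_RANGES.some(([lo, hi]) =>
    compareCore(v.core, parseVersion(lo).core) >= 0 &&
    compareCore(v.core, parseVersion(hi).core) <= 0);
  if (!inRange) return "not-listed";
  return v.prerelease ? "review" : "affected";
}

// Report every installed copy of electron in the lockfile's "packages" map,
// including copies nested under another dependency.
function auditLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => /(^|\/)node_modules\/electron$/.test(path))
    .map(([path, pkg]) => ({ path, version: pkg.version, status: classifyElectronVersion(pkg.version) }));
}

// Constructed sample lockfile (package names and versions are illustrative).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/electron": { version: "33.2.1" },
  "node_modules/legacy-shell/node_modules/electron": { version: "32.2.4" },
  "node_modules/electron-updater": { version: "6.3.9" },
}};
console.log(auditLockfile(SAMPLE_LOCK));
```

A nested copy pulled in by another dependency can remain in an affected range after the top-level electron dependency has been upgraded, which is why the audit walks the whole `packages` map.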