AIKIDO-2025-10189

electron is vulnerable to Sandbox Escape

Sandbox Escape | CVE-2025-2783 | Published Mar 28, 2025

84

High Risk

This Affects:

JS: electron
33.0.0 - 33.4.7 (fixed in 33.4.8)
34.0.0 - 34.4.0 (fixed in 34.4.1)
35.0.0 - 35.1.1 (fixed in 35.1.2)
TL;DR

Affected versions of this package are vulnerable to an incorrect handle issue in Mojo in Google Chrome on Windows before 134.0.6998.177. A remote attacker could exploit this vulnerability by tricking the sandbox validation when a malicious file is opened, leading to a sandbox escape and potentially arbitrary code execution in the context of the host system. (Chromium security severity: High)

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

electron is vulnerable to Sandbox Escape in versions 33.0.0 - 33.4.7, 34.0.0 - 34.4.0 and 35.0.0 - 35.1.1.

How to fix this

Upgrade the electron library to a patched version (33.4.8, 34.4.1 or 35.1.2, matching your release line).
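
To check whether a project falls within the vulnerable ranges listed above, the following added example (not Aikido's or Electron's own code) scans the `packages` map of a parsed package-lock.json for every installed copy of electron, nested copies included. The function names and the sample lockfile are constructed for illustration, and treating a pre-release by its numeric core is an assumption.

```javascript
// Affected ranges and fixed versions, copied from the advisory above.
const AFFECTED = [
  { from: "33.0.0", to: "33.4.7", fixed: "33.4.8" },
  { from: "34.0.0", to: "34.4.0", fixed: "34.4.1" },
  { from: "35.0.0", to: "35.1.1", fixed: "35.1.2" },
];

// Parse "major.minor.patch[-prerelease]" into three numbers, or null.
// Assumption: a pre-release is compared by its numeric core, so
// 35.0.0-beta.1 is treated like 35.0.0 (the conservative choice).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns the matching range entry, or null if the version is outside all ranges.
function affectedRange(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return AFFECTED.find(r =>
    compare(v, parseVersion(r.from)) >= 0 && compare(v, parseVersion(r.to)) <= 0) || null;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// affected is true/false, or null when the version string cannot be parsed
// and needs a manual look.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/electron$/.test(path)) continue;
    const range = affectedRange(meta.version);
    const affected = parseVersion(meta.version) ? range !== null : null;
    findings.push({ path, version: meta.version, affected, fixedIn: range ? range.fixed : null });
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/electron": { version: "34.4.0" },
  "node_modules/some-tool/node_modules/electron": { version: "35.1.2" },
  "node_modules/electron-store": { version: "8.2.0" },
}};

console.log(JSON.stringify(scanLockfile(sampleLock), null, 2));
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `scanLockfile`.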