AIKIDO-2025-10350

electron is vulnerable to Out-of-bounds Read

Out-of-bounds Read | CVE-2025-5419 | Published Jun 6, 2025

88

High Risk

This Affects:

electron (JS)
34.0.0 - 34.5.7: fixed in 34.5.8
35.0.0 - 35.5.0: fixed in 35.5.1
36.0.0 - 36.3.2: fixed in 36.4.0

TL;DR

Out-of-bounds read and write vulnerabilities in V8 in Google Chrome prior to version 137.0.7151.68 allow remote attackers to potentially exploit heap corruption by tricking users into opening a specially crafted HTML page. This issue could lead to arbitrary code execution and is rated as High severity by the Chromium security team.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

electron is vulnerable to Out-of-bounds Read in versions 34.0.0 - 34.5.7, 35.0.0 - 35.5.0 and 36.0.0 - 36.3.2.

How to fix this

Upgrade the electron library to the patched version for your release line: 34.5.8, 35.5.1 or 36.4.0.
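One way to check a project against the ranges above, as an added example that is not part of the advisory or of electron itself: it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for every resolved electron copy. The function names and the sample lockfile are constructed for illustration, and ignoring pre-release suffixes is an assumption.

```javascript
// Affected ranges and fixed versions copied from this advisory.
const AFFECTED = [
  { from: "34.0.0", to: "34.5.7", fixed: "34.5.8" },
  { from: "35.0.0", to: "35.5.0", fixed: "35.5.1" },
  { from: "36.0.0", to: "36.3.2", fixed: "36.4.0" },
];

// Parse an exact "major.minor.patch"; a leading "v" and any pre-release suffix are ignored (assumption).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not an exact version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// affected=false only means "outside the ranges listed in this advisory".
function checkElectron(version) {
  const v = parseVersion(version);
  const hit = AFFECTED.find((r) =>
    compare(v, parseVersion(r.from)) >= 0 && compare(v, parseVersion(r.to)) <= 0);
  return { version, affected: Boolean(hit), fixedIn: hit ? hit.fixed : null };
}

// Report every resolved electron copy, including nested ones, not just the top-level dependency.
function scanLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === "node_modules/electron" || p.endsWith("/node_modules/electron"))
    .map(([p, pkg]) => ({ path: p, ...checkElectron(pkg.version) }));
}

// Constructed sample lockfile fragment (package names other than electron are hypothetical).
const sampleLock = { packages: {
  "": { name: "demo-app" },
  "node_modules/electron": { version: "35.5.0" },
  "node_modules/some-tool/node_modules/electron": { version: "36.4.0" },
  "node_modules/electron-helper": { version: "1.0.0" },
} };

for (const r of scanLockfile(sampleLock)) console.log(r);
```

Run it against the lockfile rather than package.json, since a range such as `^35.0.0` does not say which version was actually installed.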