electron is vulnerable to Heap-based Buffer Overflow
97
Critical Risk
Backported multiple upstream Google Chrome security fixes addressing CVE-2026-6296, CVE-2026-6297, CVE-2026-6298, CVE-2026-6299, CVE-2026-6358, CVE-2026-6359, CVE-2026-6300, CVE-2026-6301, CVE-2026-6302, CVE-2026-6303, CVE-2026-6304, CVE-2026-6306, CVE-2026-6307, CVE-2026-6308, CVE-2026-6309, CVE-2026-6360, CVE-2026-6311, CVE-2026-6312, CVE-2026-6313, CVE-2026-6314, CVE-2026-6316, CVE-2026-6318, CVE-2026-6361, CVE-2026-6362, and CVE-2026-6363, resolving multiple memory safety, type confusion, use-after-free, out-of-bounds access, and insufficient validation issues that could allow remote code execution, sandbox escape, information disclosure, or browser crashes via crafted web content.
You are affected if you are using a version that falls within the vulnerable range.
electron is vulnerable to Heap-based Buffer Overflow in versions 39.0.0 - 39.8.8, 40.0.0 - 40.9.1 and 41.0.0 - 41.2.1.
Upgrade the electron library to a patched version.
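To check a project against the ranges listed above, the following added example (not code from this advisory or from the Electron project) classifies every copy of electron recorded in a package-lock.json. The function names, status labels and sample lockfile are constructed for illustration, and it assumes a lockfile of version 2 or 3 with a "packages" map.

```javascript
// Vulnerable ranges copied from the advisory text (inclusive bounds).
const VULNERABLE_RANGES = [
  ["39.0.0", "39.8.8"],
  ["40.0.0", "40.9.1"],
  ["41.0.0", "41.2.1"],
];

// Parse "major.minor.patch". Assumption made for this example: pre-release and
// build suffixes are ignored, so "41.0.0-beta.1" is treated like "41.0.0".
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// "in-range" | "outside-range" | "unknown" (git URLs, tags, missing versions).
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  const hit = VULNERABLE_RANGES.some(
    ([lo, hi]) => compare(v, parseVersion(lo)) >= 0 && compare(v, parseVersion(hi)) <= 0
  );
  return hit ? "in-range" : "outside-range";
}

// Report every installed copy of electron in the "packages" map of a
// package-lock.json (lockfileVersion 2 or 3), including nested copies.
function findElectron(lock) {
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === "node_modules/electron" || p.endsWith("/node_modules/electron"))
    .map(([path, info]) => ({ path, version: info.version, status: classify(info.version) }));
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/electron": { version: "40.9.1" },
    "node_modules/tool/node_modules/electron": { version: "41.2.2" },
    "node_modules/electron-updater": { version: "6.3.0" },
  },
};

console.log(findElectron(sampleLock));
```

On a real project, pass the parsed contents of package-lock.json to findElectron; an "unknown" status means the entry has no exact version and needs a manual look.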