As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […]
Security experts have discovered a vulnerability in the Electron software framework that has been used for building a large number of popular desktop applications. Popular desktop applications, including Skype, Slack, GitHub Desktop, Twitch, WordPress.com, and others, are potentially affected. Electron is a node.js, V8, and Chromium open-source framework that allows developers to use web technologies such as […]