๐ Internet Bug Bounty: Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Details can be found in the following github advisory: https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7 Impact Using a renderer exploit, context isolation and nodeIntegrationInSubFrames can be disabled, which enables an attacker to leak IPC module and communicate with the more privileged main process which might eventually lead to Remote Code Execution if there are sensitive IPC handlers on main... ...