Electron critical vulnerability strikes app developers


A critical vulnerability affecting Electron desktop apps has been disclosed.

Electron is a node.js, V8, and Chromium framework created for the development of cross-platform desktop apps with JavaScript, HTML, and CSS.

Compatible with Mac, Linux, and Windows operating systems, the recently-discovered bug impacts Windows alone.

The critical vulnerability affects Electron apps which use custom protocol handlers. Assigned the identifier CVE-2018-1000006, the vulnerability is present in Electron apps which register themselves as the default handler for a protocol, such as myapp://.

Read more…
Source: ZDNet