Electron is vulnerable to authorization bypass. The vulnerability exists because it was possible to bypass context isolation through contextBridge, allowing code in the main world context to reach the isolated context with higher privileges.
github.com/advisories/GHSA-h9jc-284h-533g
github.com/electron/electron/commit/b8e347709245d2dc5640fbb3044d9b21b4eaa6b0
github.com/electron/electron/commit/c87b474496c35580ebbeab13f9c8c982b4eab4d3
github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g
www.electronjs.org/releases/stable?page=3#release-notes-for-v824