electron is vulnerable to privilege escalation. When the nodeIntegrationInSubFrames
enable, An attacker can get access to a new renderer process within JS execution, and if the application exposes IPC messages without IPC senderFrame
validation, leading to gaining access to confidential data in ipcRenderer
github.com/electron/electron/commit/6b04cce91ad1563bd9555f2007a2ad5aa5487304
github.com/electron/electron/commit/6d9f3a494596d6b3e30938af9deb2c79f1c7f797
github.com/electron/electron/commit/e9fa834757f41c0b9fe44a4dffe3d7d437f52d34
github.com/electron/electron/commit/ea1f402417022c59c0794e97c87e6be2553989e7
github.com/electron/electron/pull/32815
github.com/electron/electron/pull/33323
github.com/electron/electron/pull/33323
github.com/electron/electron/pull/33344
github.com/electron/electron/pull/33350
github.com/electron/electron/pull/33350
github.com/electron/electron/pull/33367
github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7