Monday 14 May 2018
Electron is a popular framework for building cross-platform desktop applications using web technologies. The tool was created by GitHub, and is the basis of several popular apps like Slack, Visual Studio Code, Discord, and the Atom text editor. And until very recently, it suffered from a vulnerability that could have allowed an adversary to execute their own arbitrary code on a victim’s computer. The vulnerability, CVE-2018-1000136, was spotted by Trustwave’s eagle-eyed security researcher, Brendan Scarvell. It affects versions of Electron below 1.7.13, 1.8.4, or 2.0.0-beta.3. Thankfully, the Electron team has issued a fix, although it’s up to individual developers to implement…
This story continues at The Next Web
