Tag

Electron

3 briefs RSS

Electron VideoFrame Context Isolation Bypass Vulnerability (CVE-2026-34780)

A context isolation bypass vulnerability exists in Electron applications that bridge VideoFrame objects via contextBridge, potentially allowing an attacker with JavaScript execution in the main world to access the isolated world and Node.js APIs.

electron context-isolation javascript xss CVE-2026-34780 defense-evasion privilege-escalation

2r 2t 1c Apr 4, 2026

high advisory

Electron Use-After-Free Vulnerability in Offscreen Rendering with Child Windows

2 rules 1 IOC

A use-after-free vulnerability (CVE-2026-34774) exists in Electron applications using offscreen rendering and allowing child windows, potentially leading to crashes or memory corruption if the parent WebContents is destroyed before the child window.

electron use-after-free vulnerability cve-2026-34774

2r 1i Apr 3, 2026

high advisory

Electron Use-After-Free Vulnerability in PowerMonitor Module

2 rules 1 TTP 1 IOC

A use-after-free vulnerability exists in the `powerMonitor` module of Electron applications on Windows and macOS. When the native `PowerMonitor` object is garbage-collected, dangling references are retained by OS-level resources. Subsequent session-change events on Windows or system shutdowns on macOS may dereference freed memory, potentially leading to a crash or memory corruption.

electron use-after-free vulnerability powermonitor windows macos

2r 1t 1i Apr 3, 2026