{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/powermonitor/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["electron","use-after-free","vulnerability","powermonitor","windows","macos"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA use-after-free vulnerability has been identified in the \u003ccode\u003epowerMonitor\u003c/code\u003e module of Electron versions prior to 38.8.6, between 39.0.0-alpha.1 and 39.8.1, between 40.0.0-alpha.1 and 40.8.0, and between 41.0.0-alpha.1 and 41.0.0-beta.8. This vulnerability occurs when the native \u003ccode\u003ePowerMonitor\u003c/code\u003e object is garbage-collected, but associated OS-level resources (message window on Windows, shutdown handler on macOS) retain dangling references. This issue can lead to a crash or memory corruption when a session-change event on Windows or system shutdown on macOS attempts to dereference the freed memory. All Electron applications that utilize the \u003ccode\u003epowerMonitor\u003c/code\u003e module and its events (e.g., \u003ccode\u003esuspend\u003c/code\u003e, \u003ccode\u003eresume\u003c/code\u003e, \u003ccode\u003elock-screen\u003c/code\u003e) are potentially vulnerable. Defenders should prioritize patching Electron to the fixed versions to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn Electron application is built using a vulnerable version of Electron (e.g., 38.8.5).\u003c/li\u003e\n\u003cli\u003eThe application utilizes the \u003ccode\u003epowerMonitor\u003c/code\u003e module to listen for system power events.\u003c/li\u003e\n\u003cli\u003eThe application runs on a Windows or macOS system.\u003c/li\u003e\n\u003cli\u003eThe native \u003ccode\u003ePowerMonitor\u003c/code\u003e object is garbage-collected by the JavaScript engine. The associated OS-level resources on Windows (message window) or macOS (shutdown handler) are not properly released.\u003c/li\u003e\n\u003cli\u003eA session-change event occurs on Windows (e.g., user lock/unlock) or a system shutdown is initiated on macOS.\u003c/li\u003e\n\u003cli\u003eThe OS attempts to notify the previously freed \u003ccode\u003ePowerMonitor\u003c/code\u003e object about the session change or shutdown event.\u003c/li\u003e\n\u003cli\u003eThe OS dereferences the dangling pointer, leading to a use-after-free condition.\u003c/li\u003e\n\u003cli\u003eThe application crashes or experiences memory corruption, potentially leading to denial of service or other undefined behavior.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this use-after-free vulnerability can lead to application crashes and potential memory corruption. The impact affects any Electron application that uses the \u003ccode\u003epowerMonitor\u003c/code\u003e module, potentially disrupting application functionality and causing data loss. The vulnerability affects all platforms where Electron applications are deployed, specifically Windows and macOS. The severity is high due to the potential for application instability and the lack of application-side workarounds, requiring a patch to the Electron framework itself.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Electron to a patched version (41.0.0-beta.8, 40.8.0, 39.8.1, or 38.8.6) to resolve the use-after-free vulnerability in the \u003ccode\u003epowerMonitor\u003c/code\u003e module.\u003c/li\u003e\n\u003cli\u003eMonitor application crash logs for indicators of use-after-free conditions, especially following session-change events on Windows or system shutdowns on macOS.\u003c/li\u003e\n\u003cli\u003eImplement application monitoring to detect unexpected memory corruption events, which could be a sign of successful exploitation.\u003c/li\u003e\n\u003cli\u003eContact \u003ca href=\"mailto:security@electronjs.org\"\u003esecurity@electronjs.org\u003c/a\u003e for any questions or comments about the advisory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T02:39:52Z","date_published":"2026-04-03T02:39:52Z","id":"/briefs/2024-01-29-electron-use-after-free/","summary":"A use-after-free vulnerability exists in the `powerMonitor` module of Electron applications on Windows and macOS. When the native `PowerMonitor` object is garbage-collected, dangling references are retained by OS-level resources. Subsequent session-change events on Windows or system shutdowns on macOS may dereference freed memory, potentially leading to a crash or memory corruption.","title":"Electron Use-After-Free Vulnerability in PowerMonitor Module","url":"https://feed.craftedsignal.io/briefs/2024-01-29-electron-use-after-free/"}],"language":"en","title":"CraftedSignal Threat Feed — Powermonitor","version":"https://jsonfeed.org/version/1.1"}