CVE-2022-29247

Electron is a framework for writing desktop applications using JavaScript, HTML, and CSS.

The fix, however, may have the unfortunate side effect of causing your application to no longer be sandboxed. If you install Electron through a package manager such as apt, pip, brew, or conda, check the release notes of each package, as some of these may have already patched the issue.

Additionally, this may be an issue with your application. If it is a web application, make sure it has the correct permissions to access IPC. If it is a native application, make sure that it does not expose privileged actions to IPC.

If you are using a version of Electron prior to 18.0.0-beta.6, 17.2.0, 16.2.6, or 15.5.5, then you should consider upgrading to a newer version.

Is your app sandboxed?

Electron applications are not sandboxed by default. Developers should use the Platform API to enable sandboxing in their application. This can be done by setting the following environment variable: ELECTRON_ACCESS_TOKEN=
