Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.

Disclosed: 2022-08-11 23:08:15 By s1r1u5 To ibb
Medium
Vulnerability Details
Details can be found in the following GitHub advisory: https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7

## Impact

Using a renderer exploit, context isolation and nodeIntegrationInSubFrames can be disabled, which enables an attacker to leak the IPC module and communicate with the more privileged main process, which might eventually lead to Remote Code Execution if there are sensitive IPC handlers in the main process.
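One mitigation for the "sensitive IPC handlers" condition described above, as an added example that is not part of the report or of Electron's own code: the main process checks `event.senderFrame` before running a handler, so a message from a subframe or an unexpected origin is rejected. The `app://main` origin, the `read-settings` channel and the helper names are assumptions made for illustration.

```javascript
// Added example: sender validation for main-process IPC handlers.
// Origins allowed to call privileged handlers (hypothetical app origin).
const TRUSTED_ORIGINS = new Set(['app://main']);

// Returns true only for a top-level frame loaded from a trusted origin.
// `event` is the IpcMainEvent / IpcMainInvokeEvent passed to a handler.
function isTrustedSender(event) {
  const frame = event && event.senderFrame;
  // senderFrame can be missing (for example, the frame is already gone).
  if (!frame || typeof frame.url !== 'string') return false;
  // Reject subframes: a top-level frame has no parent.
  if (frame.parent) return false;
  let url;
  try {
    url = new URL(frame.url);
  } catch (err) {
    return false; // unparsable URL is never trusted
  }
  // Compare scheme and host; origin is "null" for custom schemes.
  return TRUSTED_ORIGINS.has(`${url.protocol}//${url.host}`);
}

// Wraps a handler so it runs only for trusted senders.
function guard(handler) {
  return (event, ...args) => {
    if (!isTrustedSender(event)) {
      throw new Error('IPC rejected: untrusted sender frame');
    }
    return handler(event, ...args);
  };
}

// In an Electron main process (hypothetical channel and handler):
//   const { ipcMain } = require('electron');
//   ipcMain.handle('read-settings', guard(readSettings));

// Constructed sample events standing in for real IPC events.
const sampleEvents = {
  mainFrame: { senderFrame: { url: 'app://main/index.html', parent: null } },
  subFrame: { senderFrame: { url: 'app://main/widget.html', parent: {} } },
  foreign: { senderFrame: { url: 'https://ads.example/frame.html', parent: null } },
  detached: { senderFrame: null },
};
```

This check is defense in depth for the handlers themselves; the fix for the reported issue is the patched Electron release referenced in the advisory.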
Report Stats
  • Report ID: 1647287
  • State: Closed
  • Substate: resolved
  • Upvotes: 12