Skip to content

Context isolation bypass via Promise.then bug in V8

High
MarshallOfSound published GHSA-6vrv-94jv-crrg Jul 6, 2020

Package

npm electron (npm)

Affected versions

>=9.0.0-beta.0 <=9.0.0-beta.20 || >=8.0.0-beta.0 <=8.2.3 || >= 7.0.0-beta < =7.2.3 || >= 6.0.0-beta.0 <= 6.1.10 || <= 6

Patched versions

9.0.0-beta.21, 8.2.4, 7.2.4, 6.1.11

Description

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

  • 9.0.0-beta.21
  • 8.2.4
  • 7.2.4
  • 6.1.11

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2020-15096

Weaknesses

No CWEs

Credits