Electron is an open-source framework that allows developers to create desktop applications such as JavaScript, HTML and CSS.
Regarding the vulnerability in the Electron Framework, it could have a direct impact on Skype, Signal, Slack, GitHub Desktop, Twitch, Visual Studio Code, Github Desktop and WordPress.com applications.
Hackers could execute code remotely
“A remote code execution vulnerability has been discovered affecting Electron applications that use custom protocol handlers, which has been assigned to the CVE-2018-1000006 CVE.” States the Electron team.
However, macOS and Linux users are not vulnerable to the problem.
A solution to avoid exploiting the vulnerability.
“If you can not update your Electron version, you can add” – “as the last argument when calling app.setAsDefaultProtocolClient, which prevents Chromium from scanning other options. The double dash “-” means the end of the command options, after which only the position parameters are accepted, “explains Electron.
We invite you to update your application immediately to avoid any problems.
