A critical vulnerability affecting Electron desktop apps has been disclosed.

Electron is a framework built on Node.js, V8, and Chromium for developing cross-platform desktop apps with JavaScript, HTML, and CSS.

Although Electron is compatible with Mac, Linux, and Windows operating systems, the recently discovered bug impacts Windows alone.

The critical vulnerability affects Electron apps which use custom protocol handlers. Assigned the identifier CVE-2018-1000006, the vulnerability is present in Electron apps which register themselves as the default handler for a protocol, such as myapp://.

Regardless of how the protocol is registered -- whether with native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API -- apps may still be vulnerable to compromise.

If exploited, the vulnerability permits attackers to remotely execute code, potentially leading to app hijacking and data loss...


Read more: Electron critical vulnerability strikes app developers | ZDNet