ToDesktop Builder Improper Permissions Vulnerability in Custom URL Scheme Handler

Vulnerability

An improper-permissions vulnerability in the Custom URL Scheme handler has been identified in ToDesktop Builder versions prior to 0.33.0. It allows attackers with access to the renderer context to invoke external protocol handlers without adequate validation. The ToDesktop API available in the renderer context lacked sufficient permission checks, which enabled unauthorized actions such as opening arbitrary URLs in the user's browser or other external applications.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed via the ToDesktop API, such as invoking external protocol handlers to open URLs in the user's browser or other applications.

Remediation

Users with automatic security updates enabled have already received the patch. For those who have disabled automatic updates, ToDesktop Builder version 0.33.0 should be installed.
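For developers who expose a similar "open externally" call to a renderer, the kind of permission and validation check this advisory refers to can look like the following. This is an added example, not ToDesktop's code or its patch; the function names, the allowlists and the sample origin are hypothetical.

```javascript
// Hypothetical names throughout; sample origins are constructed for the example.
const ALLOWED_SCHEMES = new Set(['https:', 'mailto:']);
const TRUSTED_ORIGINS = new Set(['https://app.example.com']);

// Decide whether a renderer-supplied URL may be handed to the OS.
function checkExternalUrl(rawUrl, senderUrl) {
  // Permission check: only frames served from a trusted origin may call the API.
  let sender;
  try {
    sender = new URL(senderUrl);
  } catch {
    return { ok: false, reason: 'bad-sender' };
  }
  if (!TRUSTED_ORIGINS.has(sender.origin)) {
    return { ok: false, reason: 'untrusted-sender' };
  }
  // Input validation: must parse as an absolute URL of bounded length.
  if (typeof rawUrl !== 'string' || rawUrl.length > 2048) {
    return { ok: false, reason: 'bad-url' };
  }
  let target;
  try {
    target = new URL(rawUrl);
  } catch {
    return { ok: false, reason: 'bad-url' };
  }
  // Scheme allowlist: anything else would reach an arbitrary protocol handler.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { ok: false, reason: 'scheme-not-allowed' };
  }
  return { ok: true, url: target.href }; // pass on the normalized form only
}

// Wrap the privileged opener so every call goes through the check.
// In Electron, senderUrl would typically be event.senderFrame.url and
// openExternal would be shell.openExternal (assumption, not ToDesktop's code).
function makeOpenExternalHandler(openExternal, onDenied = () => {}) {
  return async function handle(senderUrl, rawUrl) {
    const verdict = checkExternalUrl(rawUrl, senderUrl);
    if (!verdict.ok) {
      onDenied({ senderUrl, reason: verdict.reason }); // audit trail for detection
      return false;
    }
    await openExternal(verdict.url);
    return true;
  };
}
```

Logging denied requests through `onDenied` gives defenders a signal when renderer content attempts to reach protocol handlers outside the allowlist.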

Added: Jan 23, 2026, 5:27 PM
Updated: Jan 23, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.2
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.