Electron Offscreen Rendering Use-After-Free Vulnerability in Shared Textures

A use-after-free vulnerability has been identified in Electron applications that use offscreen rendering with GPU shared textures. This issue affects Electron versions 33.0.0-alpha.1 prior to 39.8.5, as well as versions 40.0.0-alpha.1 prior to 40.8.5, 41.0.0-alpha.1 prior to 41.1.0, and 42.0.0-alpha.1 prior to 42.0.0-alpha.5. The vulnerability arises when the release() callback for a paint event texture outlives its associated native state, leading to dereferencing of freed memory in the main process. This can cause crashes or memory corruption. Applications not using shared-texture offscreen rendering are not affected.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, causing dereferencing of freed memory in the main process, which may result in a crash or memory corruption.

Remediation

To address this vulnerability, ensure that texture.release() is called promptly after the texture has been consumed, before the texture object becomes unreachable. The vulnerability has been fixed in Electron versions 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.