Electron Unquoted Path Vulnerability in Login Item Settings on Windows

Vulnerability

Electron versions prior to 38.8.6, 39.8.1, 40.8.0 and 41.0.0-beta.8 are affected on Windows. When 'app.setLoginItemSettings' is called with openAtLogin enabled, it writes the executable path to the Run registry key without surrounding it in quotation marks. If the installation path contains spaces, Windows resolves the unquoted command line by trying each space-delimited prefix as a program name (for example 'C:\Program.exe' before 'C:\Program Files\My App\app.exe'), so an attacker with write access to one of the parent directories can plant an executable that is launched at login instead of the intended application. Standard users normally cannot create files in the default system directories, so exploitation requires a non-standard installation location whose parent directories are writable by the attacker.

Impact

An attacker who can write to a parent directory of the installation path can have their own executable launched in place of the intended application each time the user logs in, running in that user's session and giving the attacker persistence on the machine.

Remediation

Upgrade to Electron 38.8.6, 39.8.1, 40.8.0, 41.0.0-beta.8 or later, which correct the registry value written by 'app.setLoginItemSettings'. Until the upgrade is in place, install the application in a directory path that does not contain spaces, or in a location where every parent directory is protected against write access by unprivileged users, and verify that the application's Run key entry is quoted.
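To see why the unquoted value described under Vulnerability is exploitable, and to check a machine as part of the remediation, the following Python script is an added example (not Electron's code and not part of the original advisory). It parses Run-key command strings, lists the candidate executables Windows would try before the intended binary, and names the directories an attacker would need write access to. On Windows it reads the real HKCU and HKLM Run keys through winreg; elsewhere it runs over constructed sample values. The rule that the first space-delimited prefix ending in .exe is the real binary, and the sample entries themselves, are assumptions made for the example.

```python
r"""Audit Windows Run-key commands for unquoted executable paths containing spaces.

Added example, not Electron's own code. Windows resolves an unquoted command
such as  C:\Program Files\My App\app.exe --hidden  by trying each
space-delimited prefix as a program (appending .exe when the prefix has no
extension): C:\Program.exe, then C:\Program Files\My.exe, then the intended
binary. Whoever can create a file in one of those parent directories gets
their executable launched at login instead.
"""
from __future__ import annotations

import ntpath
import sys

RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample values in the shape a Run key holds them; not real registry data.
SAMPLE_RUN_VALUES = {
    "GoodApp": '"C:\\Program Files\\Good App\\good.exe" --hidden',
    "VulnApp": "C:\\Program Files\\My App\\app.exe --hidden",
    "NoSpaces": "C:\\Tools\\tool.exe --flag with spaces",
    "UserApp": "C:\\Users\\alice\\AppData\\Local\\Programs\\My Electron App\\app.exe",
}


def analyse(command: str) -> dict:
    """Classify one Run-key command string.

    Returns the binary Windows is meant to run, the earlier candidates an
    attacker could plant, and the directories that would need to be writable.
    Assumption: in an unquoted command the first space-delimited prefix ending
    in .exe is the real binary and everything after it is arguments.
    """
    if command.startswith('"'):
        end = command.find('"', 1)
        intended = command[1:end] if end > 1 else command.strip('"')
        return {"quoted": True, "vulnerable": False, "intended": intended,
                "hijack_paths": [], "writable_dirs_needed": []}

    hijack: list[str] = []
    intended = command
    for i, ch in enumerate(command):
        if ch != " ":
            continue
        prefix = command[:i]
        if prefix.lower().endswith(".exe"):
            intended = prefix
            break
        # No extension: CreateProcess appends .exe before probing this prefix.
        hijack.append(prefix if ntpath.splitext(prefix)[1] else prefix + ".exe")
    dirs = sorted({ntpath.dirname(p) for p in hijack})
    return {"quoted": False, "vulnerable": bool(hijack), "intended": intended,
            "hijack_paths": hijack, "writable_dirs_needed": dirs}


def audit_samples() -> dict[str, dict]:
    """Run the analysis over the constructed sample values (works on any OS)."""
    return {name: analyse(cmd) for name, cmd in SAMPLE_RUN_VALUES.items()}


def audit_live() -> dict[str, dict]:
    """Read the real HKCU and HKLM Run keys; Windows only (needs winreg)."""
    import winreg

    results: dict[str, dict] = {}
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, RUN_SUBKEY)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                # REG_EXPAND_SZ values are not expanded here; %VAR% paths are reported as stored.
                results[f"{label}\\{name}"] = analyse(str(data))
                index += 1
    return results


if __name__ == "__main__":
    report = audit_live() if sys.platform == "win32" else audit_samples()
    for name, r in report.items():
        if r["vulnerable"]:
            print(f"[!] {name}: unquoted path with spaces, intended binary {r['intended']}")
            for p in r["hijack_paths"]:
                print(f"      tried first: {p}")
            print(f"      attacker needs write access to one of: {r['writable_dirs_needed']}")
        else:
            print(f"[ok] {name}")
```

The UserApp sample shows the caveat from the advisory: an Electron app installed under the user's own profile is flagged, but the only directory an attacker would need to write to is already owned by that user, so it is not a privilege boundary. Entries whose parent directory is C:\ or C:\Program Files are only reachable if those directories have non-default permissions.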

Added: Apr 4, 2026, 12:23 AM
Updated: Apr 4, 2026, 12:23 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.9
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.