Electron Use-After-Free Vulnerability in Permission Request Handling
Vulnerability
A use-after-free vulnerability has been identified in Electron applications that register an asynchronous permission request handler. This issue affects versions of Electron prior to 38.8.6, versions 39.0.0-alpha.1 through 39.8.0, versions 40.0.0-alpha.1 through 40.7.0, and versions 41.0.0-alpha.1 through 41.0.0-beta.8. The vulnerability arises when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback can dereference freed memory, potentially leading to a crash or memory corruption. Applications that do not set a permission request handler or whose handler responds synchronously are not affected.
Impact
Exploitation of this vulnerability can cause a crash or memory corruption in the application.
Remediation
To address this vulnerability, users can update to Electron versions 38.8.6, 39.8.0, 40.7.0, or 41.0.0-beta.8. Alternatively, permission requests can be responded to synchronously, or fullscreen, pointer-lock, and keyboard-lock requests can be denied if an asynchronous flow is required.
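One way to apply the asynchronous-flow workaround above, as an added example that is not part of the advisory or Electron's own code: the handler answers `fullscreen`, `pointerLock` and `keyboardLock` (the permission strings Electron passes to the handler) with a denial before it returns, and defers only the other permissions. `makePermissionHandler`, `installHandler` and `decideAsync` are hypothetical names for this sketch.

```javascript
// Added example (not Electron's code). The three request types named in the
// advisory, written as the strings Electron passes as `permission`.
const LOCK_PERMISSIONS = new Set(['fullscreen', 'pointerLock', 'keyboardLock']);

// decideAsync is a hypothetical app-supplied function (for example one that
// shows a prompt) returning a Promise<boolean> for the remaining permissions.
function makePermissionHandler(decideAsync) {
  return function handler(webContents, permission, callback, details) {
    if (LOCK_PERMISSIONS.has(permission)) {
      // Respond before returning, so no callback for these request types is
      // still pending if the frame navigates or the window closes.
      callback(false);
      return;
    }
    // Other permissions keep the asynchronous flow. The callback is invoked
    // exactly once; a rejected or throwing decision is treated as a denial.
    Promise.resolve()
      .then(() => decideAsync(webContents, permission, details))
      .then(
        (granted) => callback(Boolean(granted)),
        () => callback(false)
      );
  };
}

// Wire-up for the main process. Pass a Session object such as
// session.defaultSession from require('electron').
function installHandler(ses, decideAsync) {
  ses.setPermissionRequestHandler(makePermissionHandler(decideAsync));
}
```

With this handler in place, web content cannot enter HTML fullscreen, pointer lock or keyboard lock; the denial branch can be dropped once the application runs on a fixed Electron release.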
