Electron Use-After-Free Vulnerability in Download Save Dialog

Vulnerability

A use-after-free vulnerability has been identified in Electron applications that allow downloads and programmatically destroy sessions. This issue arises when a session is terminated while a native save-file dialog is open for a download. Dismissing the dialog in this state can dereference freed memory, potentially leading to a crash or memory corruption. Applications that do not destroy sessions at runtime or those that do not permit downloads are not affected. The vulnerability exists in Electron versions prior to 38.8.6, versions 39.0.0-alpha.1 through 39.8.0, versions 40.0.0-alpha.1 through 40.7.0, and versions 41.0.0-alpha.1 through 41.0.0-beta.7.

Impact

Exploitation of this vulnerability can cause a crash or memory corruption in the application.

Remediation

Users can upgrade to Electron versions 38.8.6, 39.8.0, 40.7.0, or 41.0.0-beta.7 to address this vulnerability. Until an upgrade is possible, applications on affected versions should avoid destroying a session while a download save dialog may still be open, and should cancel any pending downloads before tearing the session down.

Added: Apr 4, 2026, 12:22 AM
Updated: Apr 4, 2026, 12:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.