Electron Offscreen Rendering Use-After-Free Vulnerability in Child Windows
Vulnerability
A use-after-free vulnerability has been identified in Electron applications that render offscreen (a BrowserWindow created with webPreferences.offscreen: true) and allow the renderer to open child windows via window.open(). If the parent offscreen WebContents is destroyed while one of those child windows is still open, paint frames subsequently delivered for the child dereference memory that belonged to the freed parent, causing a crash or memory corruption. The vulnerability affects Electron versions prior to 39.8.1, the 40.x line from 40.0.0-alpha.1 up to the patched 40.7.0 release, and the 41.x line from 41.0.0-alpha.1 up to the patched 41.0.0 release.
Impact
Triggering the bug requires two things an application may already permit: an offscreen renderer that is allowed to open a child window (any page loaded into the offscreen window that calls window.open() will do), and the parent being torn down before that child. The result is a use-after-free in the application, which at minimum crashes it and may corrupt memory.
Remediation
Update to a patched Electron release: 39.8.1, 40.7.0, or 41.0.0, whichever matches the major line in use. Where an upgrade is not immediately possible, either deny child-window creation from offscreen renderers in webContents.setWindowOpenHandler (return { action: 'deny' } when the opening WebContents is offscreen), or track the windows the renderer opens and close all of them before the parent window or its WebContents is destroyed, so that no paint frame for a child can arrive after the parent is gone.
