CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16151

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile8.70th
PublishedJun 7, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Affected Platforms (CPE)

πŸ“¦
Electronjs

Electron

< 1.7.8

References & Advisories

πŸ”— https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
πŸ”— https://nodesecurity.io/advisories/539
πŸ”— https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
πŸ”— https://nodesecurity.io/advisories/539

Related Vulnerabilities

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2008-311610.0

Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High ...

CVE-2020-1207910.0

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isola...

CVE-2008-509010.0

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in ...