Summary
Zero-day security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-4863 impacts all electron apps.
Details
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
PoC
Currently, altair-graphql is using electron version 19.0.10, which has reached end of life support and will require upgrading electron to one of the following versions to get this fix.
Please upgrade Electron to the latest version; for example, the following contains the electron fixes for this vulnerability:
• Electron v22.3.24
• Electron v24.8.3
• Electron v25.8.1
• Electron v26.2.1
Impact
Chromium vulnerability which also impacts all electron applications.
Summary
Zero-day security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-4863 impacts all electron apps.
Details
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
PoC
Currently, altair-graphql is using electron version 19.0.10, which has reached end of life support and will require upgrading electron to one of the following versions to get this fix.
Please upgrade Electron to the latest version; for example, the following contains the electron fixes for this vulnerability:
• Electron v22.3.24
• Electron v24.8.3
• Electron v25.8.1
• Electron v26.2.1
Impact
Chromium vulnerability which also impacts all electron applications.