Tom SellersRoughly 2 weeks ago Google patched a critical vulnerability, CVE-2023-4863, that was being exploited in the wild. The broad impact of the root cause of the vuln and the fact that it will have a long tail of unpatched software has been poorly communicated. You can read more in @dangoodin 's excellent article on Ars Technica.
As pointed out in the article above, Electron is based on Chromium and is impacted. Electron is bundled in a ton of apps that people might overlook.
I threw together the following shell command to help macOS audit which versions of Electron apps are installed.
find /Applications -type f -name "*Electron Framework*" -exec \sh -c "echo \"{}\" && strings \"{}\" | grep '^Chrome/[0-9.]* Electron/[0-9]' | head -n1 && echo " \;
When run, you should see something similar to the following:
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron FrameworkChrome/114.0.5735.289 Electron/25.8.1
/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/116.0.5845.188 Electron/26.2.1
#Security #Electron #CVE20234863 #CVE-2023-4863
All GNU social JP content and data are available under the