Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/TomSellers/statuses/111126352647377681">Tom Sellers (tomsellers@infosec.exchange)'s status on Tuesday, 26-Sep-2023 23:55:12 JST</a><a href="https://infosec.exchange/@TomSellers" title="tomsellers@infosec.exchange"><img src="https://gnusocial.jp/avatar/179340-48-20240206221841.webp" width="48" height="48" alt="Tom Sellers" style="position: absolute; left: 0; top: 0;">Tom Sellers</a><div><a href="https://infosec.exchange/@TomSellers/111126339492371432" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>The patched (fixed) versions of Electron are</p><p>Electron v22.3.24, v24.8.3, v25.8.1 - released September 13 and fixes CVE-2023-4863 as well as CVE-2023-4763, CVE-2023-4762, and CVE-2023-4761</p><p>Electron v26.2.1          - released September 13 and updates Chrome. Fixes the CVEs but does not call them out</p><p>Here are the fixed versions of some other common software:</p><p>GitHub Desktop v3.3.3  - bumps Electron to v24.8.3 which fixes CVE-2023-4863</p><p>VS Code 1.82.2         - bumps Electron to v25.8.1 which fixes CVE-2023-4863</p><p>Signal Desktop v6.30.2 - bumps Electron to v25.8.1 which fixes CVE-2023-4863</p><p>Slack v4.34.119        - bumps Electron to v26.2.1, indicates a security fix but doesn't label it with its highest risk label</p><p>Apple iOS    16.7, 17.0.1<br>Apple iPadOS 16.7, 17.0.1<br>Apple macOS Ventura 13.6<br>Apple macOS Monterey 12.7<br>Apple watchOS 9.6.3, 10.0.1<br>Apple Safari 16.6.1</p><p>Google Chrome 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows</p><p>Mozilla Firefox 117.0.1, ESR 102.15.1, ESR 115.2.1<br>Mozilla Thunderbird 102.15.1, 115.2.2</p><p>Edit: Added Electron v22.3.24 to the patched list. Thanks <a href="https://me.dm/@delfuego" rel="nofollow noreferrer">@delfuego</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2102750#notice-4134560">In conversation</a><time datetime="2023-09-26T23:55:12+09:00" title="Tuesday, 26-Sep-2023 23:55:12 JST">Tuesday, 26-Sep-2023 23:55:12 JST</time> <span>from <span><a href="https://infosec.exchange/@TomSellers/111126352647377681" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@TomSellers/111126352647377681">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Tom Sellers (tomsellers@infosec.exchange)'s status on Tuesday, 26-Sep-2023 23:55:12 JSTTom Sellers
in reply to
- Jason Levine
The patched (fixed) versions of Electron are
Electron v22.3.24, v24.8.3, v25.8.1 - released September 13 and fixes CVE-2023-4863 as well as CVE-2023-4763, CVE-2023-4762, and CVE-2023-4761
Electron v26.2.1 - released September 13 and updates Chrome. Fixes the CVEs but does not call them out
Here are the fixed versions of some other common software:
GitHub Desktop v3.3.3 - bumps Electron to v24.8.3 which fixes CVE-2023-4863
VS Code 1.82.2 - bumps Electron to v25.8.1 which fixes CVE-2023-4863
Signal Desktop v6.30.2 - bumps Electron to v25.8.1 which fixes CVE-2023-4863
Slack v4.34.119 - bumps Electron to v26.2.1, indicates a security fix but doesn't label it with its highest risk label
Apple iOS 16.7, 17.0.1
Apple iPadOS 16.7, 17.0.1
Apple macOS Ventura 13.6
Apple macOS Monterey 12.7
Apple watchOS 9.6.3, 10.0.1
Apple Safari 16.6.1
Google Chrome 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows
Mozilla Firefox 117.0.1, ESR 102.15.1, ESR 115.2.1
Mozilla Thunderbird 102.15.1, 115.2.2
Edit: Added Electron v22.3.24 to the patched list. Thanks @delfuego
In conversationTuesday, 26-Sep-2023 23:55:12 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice