[ASA-201911-7] electron: arbitrary code execution
Arch Linux Security Advisory ASA-201911-7
=========================================

Severity: Critical
Date    : 2019-11-04
CVE-ID  : CVE-2019-13720
Package : electron
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1061

Summary
=======

The package electron before version 7.0.1-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 7.0.1-1.

# pacman -Syu "electron>=7.0.1-1"

The problem has been fixed upstream in version 7.0.1.

Workaround
==========

None.

Description
===========

A use-after-free vulnerability has been found in the audio component of
the chromium browser before 78.0.3904.87. Google is aware of reports
that an exploit for this vulnerability exists in the wild.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://github.com/electron/electron/commit/25b3ee29cf9a8e3f59dcbabf7345b5b1...
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desk...
https://crbug.com/1019226
https://security.archlinux.org/CVE-2019-13720
participants (1): Remi Gacogne