nicoburns 4 hours ago
I imagine that looks pretty bad. On the other hand, Electron apps often aren't running untrusted code, which makes it quite a bit harder to exploit.

nolist_policy 2 hours ago
Yep. JavaScript VM breakout, sandbox breakout and Spectre/Meltdown side channel leaks are all tracked as vulnerabilities towards Electron while ordinary apps don't even have such security features.

josefx 3 hours ago
Didn't some get exploited early on because Electron made it trivial to load third-party websites without any kind of XSS protection?