CVE-2017-16151

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled.

Published: Jun 7, 2018
Updated: May 9, 2024
CVE: CVE-2017-16151
GHSA: GHSA-4w88-rjj3-x7wp
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
electronjs / electron	-	1.7.8
electron	-	1.6.14
electron	1.7.0	1.7.8

https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
https://electronjs.org/blog/chromium-rce-vulnerability
https://nodesecurity.io/advisories/539
https://www.npmjs.com/advisories/539

Vulnerability Database

289,697

CVE-2017-16151