Skip Navigation

PSA: a recently-fixed image parsing vulnerability in Chrome (and things that use Chrome, such as Electron apps) is being actively exploited in the wild. install your updates!

Chrome was updated September 11

Electron updated September 12

Matrix Element Desktop updated September 15, without a changelog or advisory. (The Element update on September 13 did not include the updated electron with the fix; today's update does, according to their announcement on Matrix.)

Many/most electron apps don't receive timely security updates, so if you don't want arbitrary images to be able to get code execution you might want to stop using them.

33

You're viewing a single thread.

33 comments
You've viewed 33 comments.