Chromium vulnerabilities threaten Electron app security

Chromium vulnerabilities threaten Electron app security 600x300 1

In the past week, we have seen two serious vulnerabilities for the Chromium web browser codebase used in browsers such as Chrome, Edge, Brave, Opera, and Vivaldi. Both of these vulnerabilities have been observed to be used in the wild; in other words, they have been actively exploited. Updating these browsers is essential for user security.

Google Chrome, Microsoft Edge, and Vivaldi all patched the first vulnerability on April 14. Brave updated its browser the following day, and Opera waited until April 18 to release an update. The second vulnerability led to updates to Chrome, Edge, Brave, and Vivaldi on April 19. Opera has not, at the time of this writing, patched the second vulnerability.

But what many users may not realize is that lots of other apps that aren’t web browsers also use the Chromium browser codebase, and may be impacted by Chromium security issues. Apps based on the popular Electron framework are of particular concern because it’s used by many popular apps, as we will explore below. Here’s what you need to know—whether you’re a user or a developer of Electron apps.

Read the rest of the article on The Mac Security Blog.