CVE-2017-16151

moderate-risk
Published 2018-06-07

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

Do I need to act?

~
2.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 01ca2252cd5410c34c7e794672c7b59de301b4d4
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Electronjs

References (4)

Broken Link https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
Third Party Advisory https://nodesecurity.io/advisories/539
Broken Link https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
Third Party Advisory https://nodesecurity.io/advisories/539
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal