Cve-2019-5786


#1

Is Electron or Atom affected by the latest CVE? If so will there be a fixed version soon?

Thanks!!


#2

According to this article, the vulnerability exists in Chrome’s FileReader, which shouldn’t impact Electron applications since they should be using Node APIs for all filesystem activities. I would not expect the FileReader code to have been included in Electron at all, since the parts of Chrome that Electron uses are the display and JavaScript engine. If it is, and there’s an Electron app that uses it instead of Node’s fs, then that specific app definitely could be vulnerable.