find /Applications -type f -name '*Electron Framework*' -exec \
perl -Mversion=0.77 -nE \
'@safe = map version->parse($_), qw(22.3.24 24.8.3 25.8.1 26.2.1);
next unless m{Chrome/[0-9.]+ Electron/([0-9.]+)}; $ver = version->parse($1);
if ($ver < (grep int $_->numify >= int $ver->numify, @safe)[0]) {
say "vulnerable Electron $ver found in $ARGV"; next
}' {} \;
Output, with VIA 3.0.0 (latest) installed:
vulnerable Electron 23.1.2 found in /Applications/VIA.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
According to this script courtesy of https://social.sdf.org/@mjgardner/111126922716051872, the version of Electron used in the VIA app is vulnerable to CVE-2023-4863.
Output, with VIA 3.0.0 (latest) installed: