vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

CVE-2022-1096 #501

Closed arch-btw closed 2 years ago

arch-btw commented 2 years ago

Hi @vladimiry,

Is ElectronMail affected? Seems like a pretty severe exploit.

Official announcement: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

More info: https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html
Electron 15 PR: https://github.com/electron/electron/pull/33473

Electron 16 PR: https://github.com/electron/electron/pull/33472

vladimiry commented 2 years ago

> Seems like a pretty severe exploit.

For a browser yes, very severe stuff.

> Is ElectronMail affected?

@electron of course comes with @chromium built in, but ElectronMail is not used as a regular browser. Meaning the app is not loading random/potentially malicious HTML/JS stuff from the internet, but only static content predefined by @ProtonMail in https://github.com/ProtonMail/WebClients. So I think the current app release is fine unless @ProtonMail injected some malicious stuff into https://github.com/ProtonMail/WebClients, which I don't believe they would be doing.

But still, I'm also OK with publishing a new version with an updated @electron fairly quickly, since I keep the WIP updated with the recent https://github.com/ProtonMail/WebClients changes and dependency updates.

vladimiry commented 2 years ago

v4.13.6 is built on https://github.com/electron/electron/releases/tag/v15.5.0.
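
The thread above resolves the question by checking which Electron release the app is built on. The following is an added example, not ElectronMail's code, of how a project could gate its own build on that check: it reads the `electron` entry from a `package.json` (a constructed sample, not the real one), parses the version, and compares it against a per-major patched floor. The only floor taken from this thread is `15.5.0` for the Electron 15 line, as the maintainer's comment states; that it is the minimum patched release is an assumption drawn from that comment, and floors for other major lines are left as placeholders to be filled in from the matching Electron release notes.

```javascript
// Added example (not ElectronMail's code): gate a build on the Electron
// version declared in package.json.
// Floor for the 15 line is taken from the thread above (v15.5.0); floors for
// other major lines are placeholders to be filled from Electron release notes
// (assumption, not from the page).
const PATCHED_FLOORS = {
  15: "15.5.0",
};

// Parse "1.2.3", "^1.2.3", "~1.2.3" or "1.2.3-beta.4" into numeric parts.
function parseSemver(spec) {
  const m = /^[\^~>=<\s]*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(spec);
  if (!m) throw new Error(`unparseable version spec: ${spec}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Negative if a < b, 0 if equal, positive if a > b.
// A prerelease sorts below the corresponding release (semver precedence rule).
function compareSemver(a, b) {
  for (const k of ["major", "minor", "patch"]) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  if (a.prerelease && !b.prerelease) return -1;
  if (!a.prerelease && b.prerelease) return 1;
  return 0;
}

// Read the electron entry: devDependencies first, then dependencies.
function electronSpecFromPackageJson(text) {
  const pkg = JSON.parse(text);
  const spec = (pkg.devDependencies && pkg.devDependencies.electron) ||
               (pkg.dependencies && pkg.dependencies.electron);
  if (!spec) throw new Error("no electron dependency declared");
  return spec;
}

// Returns { status: "ok" | "outdated" | "unknown", version, floor }.
// Caret/tilde ranges are judged by their lower bound; when a lockfile is
// available, pass its resolved version instead so the check reflects what
// actually ships.
function checkElectronVersion(packageJsonText) {
  const v = parseSemver(electronSpecFromPackageJson(packageJsonText));
  const version = `${v.major}.${v.minor}.${v.patch}` +
                  (v.prerelease ? `-${v.prerelease}` : "");
  const floor = PATCHED_FLOORS[v.major];
  if (!floor) return { status: "unknown", version, floor: null };
  const status = compareSemver(v, parseSemver(floor)) >= 0 ? "ok" : "outdated";
  return { status, version, floor };
}

// Constructed sample inputs (not ElectronMail's real package.json).
const SAMPLE_PATCHED = JSON.stringify({ devDependencies: { electron: "15.5.0" } });
const SAMPLE_OUTDATED = JSON.stringify({ devDependencies: { electron: "^15.3.1" } });
const SAMPLE_UNKNOWN = JSON.stringify({ dependencies: { electron: "16.0.0" } });

for (const sample of [SAMPLE_PATCHED, SAMPLE_OUTDATED, SAMPLE_UNKNOWN]) {
  console.log(checkElectronVersion(sample));
}
```

The `unknown` status is deliberate: a major line without a recorded floor should fail the gate until someone records the patched release for it, rather than silently passing.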

arch-btw commented 2 years ago

Perfect! Thank you for the update and the information, it's very helpful!