CVE-2017-16151

CRITICAL

Electron < 1.7.8 and < 1.6.14 - Remote Code Execution via Chromium Vulnerability

Title source: llm
STIX 2.1

Description

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/539

Scores

CVSS v3 9.8
EPSS 0.0272
EPSS Percentile 84.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
electronjs/electron < 1.7.8
npm/electron 0 - 1.6.14npm
Published Jun 07, 2018
Tracked Since Feb 18, 2026