CVE-2017-16151
CRITICALElectron < 1.7.8 and < 1.6.14 - Remote Code Execution via Chromium Vulnerability
Title source: llmDescription
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/539
Scores
CVSS v3
9.8
EPSS
0.0272
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (2)
electronjs/electron
< 1.7.8
npm/electron
0 - 1.6.14npm
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026