Electron-based desktop apps were examined by a group of researchers from multiple companies, who later found flaws in several commonly used pieces of software.
Cross-platform desktop programmes are made using the free and open source framework Electron.
. Some extremely well-liked programmes, such Microsoft Teams, WhatsApp, and Slack, have been created using it.
The ElectroVolt research project, which focuses on Electron apps, revealed its findings last week at the Black Hat conference.
According to one of the researchers on the project and security expert at Cure53 Mohan Sri Rama Krishna Pedhapati, they have found vulnerabilities in 18 applications. All affected suppliers have been notified and have made fixes available.
Microsoft Teams, Discord, Visual Studio Code, Basecamp, Mattermost, Element, Notion, JupyterLab, and Rocket all have security flaws. Chat is one example.
Almost all exploits, many of which combine a number of vulnerabilities, can result in remote code execution on the targeted system. The white hat hackers discovered a local file read problem in Microsoft Teams.
A link click or simple access to a certain area of the application are frequently all that's needed from the user to start the exploits. Users frequently click on items and open messages in Electron apps, according to the researchers, who predicted such an assault would have a high success rate.
The majority of the faults have been classified as "serious," and the researchers received compensation of almost $60,000 for reporting them to the appropriate vendors.
The researchers published individual blog articles outlining some of the Electrovolt vulnerabilities in addition to presenting their findings at Black Hat. There are also movies and proof-of-concept (PoC) code that demonstrate some of the exploits.
