We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recently I have seen an increase in people using the ability to enable the communication of the inspector mechanism of Node.js (applies to Electron based apps) to execute/spawn host applications. It has taken a few more publicity the topic https://twitter.com/evilsocket/status/1564286074536738816 lately and https://github.com/evilsocket/jscythe.
The current behavior in the tweet is patched electron/electron#33188 in latest versions of Electron, but only if the Electron app uses fuses https://github.com/electron/fuses. There are other apps like 1Password that have other packages to block this behavior, https://github.com/1Password/electron-hardener.
I want to know if this is something that should be kept in mind for the Electron app, if it applies, and what measure can be done.
The text was updated successfully, but these errors were encountered:
A little more history about this issue mentioned here: https://github.com/antelle/electron-evil-feature-patcher
Sorry, something went wrong.
No branches or pull requests
Recently I have seen an increase in people using the ability to enable the communication of the inspector mechanism of Node.js (applies to Electron based apps) to execute/spawn host applications. It has taken a few more publicity the topic https://twitter.com/evilsocket/status/1564286074536738816 lately and https://github.com/evilsocket/jscythe.
The current behavior in the tweet is patched electron/electron#33188 in latest versions of Electron, but only if the Electron app uses fuses https://github.com/electron/fuses. There are other apps like 1Password that have other packages to block this behavior, https://github.com/1Password/electron-hardener.
I want to know if this is something that should be kept in mind for the Electron app, if it applies, and what measure can be done.
The text was updated successfully, but these errors were encountered: