4926 | Taking note: XSS to RCE in the Simplenote Electron client | XSS, RCE | Automattic | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-11-22 | 2023-06-13 |
4677 | Vulnerability in Hangouts Chat a.k.a. how Electron makes open redirect great again | Open redirect, RCE | Google | Michał Bentkowski (@SecurityMB) | Bug Bounty | 2018-07-24 | 2023-06-13 |
3217 | Open Sesame: Escalating Open Redirect to RCE with Electron Code Review | Open redirect, RCE, Security code review | NA | Eugene Lim (@spaceraccoonsec) | Bug Bounty | 2020-08-14 | 2023-06-13 |
2912 | A 'Novel' Way to Bypass Executable Signature Checks with Electron | Local Privilege Escalation | NA | Parsia Hackerman (@cryptogangsta) | Bug Bounty | 2021-01-08 | 2023-06-13 |
2362 | Bug Bounty Stories #1: Tale of CSP bypass in an electron app! | CSP bypass | NA | SecurityGOAT (@RuntimeSecurity) | Bug Bounty | 2021-07-31 | 2023-06-13 |
1209 | Critical Local File Read in Electron Desktop App | LFI | Asana | Renwa (@RenwaX23) | Bug Bounty | 2022-08-17 | 2023-06-13 |
1120 | Quasar: Compromising Electron Apps | Local Privilege Escalation | Microsoft | Taggart (@mttaggart) | Bug Bounty | 2022-09-06 | 2023-06-13 |
895 | Visual Studio Code Jupyter Notebook RCE | RCE, XSS, Arbitrary file read, Electron | Microsoft | Luca Carettoni (@lucacarettoni) | Bug Bounty | 2022-10-27 | 2023-06-13 |
403 | Escaping well-configured VSCode extensions (for profit) | Electron, Webview, Path traversal | Microsoft | Vasco Franco | Bug Bounty | 2023-02-23 | 2023-06-13 |
304 | Vulnerabilities in the TPM 2.0 reference implementation code | Memory corruption, Out-of-bounds Read, Out-of-bounds Write | Microsoft, VMware, Google, IBM, Lenovo, Qemu, Nuvoton, Trusted Computing Group, STMicroelectronics, Aruba Networks, CERT/CC, libtpms | Francisco Falcon (@fdfalcon) | Bug Bounty | 2023-03-14 | 2023-06-13 |