Critical vulnerabilities discovered in Framework Electron, Skype, Slack, Twitch and a series of affected apps

The framework of a variety of popular desktop applications such as Skype, Slack, Signal, Twitch . appears a serious security hole. It is important that this vulnerability only affects Windows.

While waiting for the developers of affected applications to update the new version to patch, Microsoft has updated Windows Defender to protect users from the threat of attack through this vulnerability.

This is a vulnerability of Electron - framework released in 2013. Based on web technologies like JavaScript, HTML and CSS, developers use it to create popular cross-platform applications like Skype, Visual Studio Code, Brave, Basecamp, GitHub, Ghost, Signal, Slack, Twitch, WordPress .

Whether this vulnerability is dangerous depends on how the developer uses the Electron protocol. Hackers can take advantage of this vulnerability to remotely execute malicious code to steal user data, and it impacts all applications using the Electron framework with a custom protocol processor.

The protocol processing vulnerability was patched by Electron development team on Electron 1.8.2-beta.4, 1.7.11 and 1.6.16. While waiting for developers to update the application, users can temporarily handle the instructions here. Skype has patched this vulnerability in the latest version, users can update.

See more:

• The new vulnerability on Intel allows hackers to take control of your computer within 30 seconds
• Overview of vulnerabilities on Intel, AMD, ARM chips: Meltdown and Specter
• Firefox Quantum 58 has an official version for Windows, enhanced security and has many new features