CVE-2020-26272

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 9.4.0 Electron versions prior to 10.2.0 Electron versions prior to 11.1.0 Electron versions prior to 12.0.0-beta.9

Description: IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply, or when using the remote module, can in some cases be delivered to the wrong frame. If an app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler, then it is impacted by this issue.

Recommendations: For versions prior to 9.4.0, update to version 9.4.0 or later. For versions prior to 10.2.0, update to version 10.2.0 or later. For versions prior to 11.1.0, update to version 11.1.0 or later. For versions prior to 12.0.0-beta.9, update to version 12.0.0-beta.9 or later. As a temporary workaround, consider avoiding the use of remote, webContents.sendToFrame, and event.reply in IPC message handlers until a patch is applied.