CVE-2023-44402

Name of the Vulnerable Software and Affected Versions Electron versions prior to 22.3.24 Electron versions prior to 24.8.3 Electron versions prior to 25.8.1 Electron versions prior to 26.2.1 Electron versions prior to 27.0.0-alpha.7

Description This issue impacts Electron apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled, specifically on macOS where these fuses are currently supported. The issue can be exploited if the app is launched from a filesystem that an attacker has write access to, allowing them to edit files inside the .app bundle, which these fuses are supposed to protect against.

Recommendations For Electron versions prior to 22.3.24, update to version 22.3.24 or later. For Electron versions prior to 24.8.3, update to version 24.8.3 or later. For Electron versions prior to 25.8.1, update to version 25.8.1 or later. For Electron versions prior to 26.2.1, update to version 26.2.1 or later. For Electron versions prior to 27.0.0-alpha.7, update to version 27.0.0-alpha.7 or later.